CN103067409A - World wide web (WEB) hotlinking protection method and gateway system thereof - Google Patents
World wide web (WEB) hotlinking protection method and gateway system thereof Download PDFInfo
- Publication number
- CN103067409A CN103067409A CN2013100218327A CN201310021832A CN103067409A CN 103067409 A CN103067409 A CN 103067409A CN 2013100218327 A CN2013100218327 A CN 2013100218327A CN 201310021832 A CN201310021832 A CN 201310021832A CN 103067409 A CN103067409 A CN 103067409A
- Authority
- CN
- China
- Prior art keywords
- gateway
- client
- request
- chain
- robber
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a world wide web (WEB) hotlinking protection method and a gateway system thereof. The gateway system comprises a gateway configuration module, a hotlinking protection identification generating and distributing module and a hotlinking protection identification extracting and verifying module. 1) A pre-gateway is built between a client-end and a WEB server, the pre-gateway configurates hotlinking protection file types for the WEB server represented by the pre-gateway, the hotlinking protecting function is activated after the configuration takes effect. 2) According to a request type from the client-end, the pre-gateway judges whether a resource request is in the hotlinking protection file types. 3) The hotlinking protection identification is extracted and verified, the resource request meeting set conditions is transmitted to the WEB server from the pre-gateway. By means of the WEB hotlinking protection method and the gateway system thereof, a hotlinking attack can be confirmed in time, the source request is rejected, the WEB server and the diversity and the differentiation of an operation system are shielded, the software configuration of the server does not need to be changed, the service to WEB is transparent, and the previous management model is not affected.
Description
Technical field
The present invention relates to computer network security.Specifically, relate to the method and system that realize the website is stolen the chain protection based on preposition gateway.
Background technology
Development along with Internet technology, the website no longer is confined to only externally provide Word message, picture, video, these multimedia messagess of audio frequency appear in the website in a large number, multimedia messages brings safety problem for the website too when enriching the website form of expression, it is exactly wherein the most obvious a kind of stealing the chain attack.Steal chain and refer to that service provider oneself does not provide the content of service, walk around other favourable end-user interfaces by technological means, other service providers' service content directly is provided to the end user on the website of oneself, stealing the chain attack does not need to provide resource or provides extremely a small amount of resource can obtain flowing of access, but real service provider but can't obtain any income, and because picture, audio frequency, the access of video need to take a large amount of bandwidth resources, will cause the bandwidth of real provider server by illegal abuse, specifically can be with reference to (stealing the scene of chain attacking and defending rouge et noir, http://POWERSON Blog.CFAN.COM.CN).
At present, stealing the chain preventive means distinguishes from protective position and mainly is divided into server end protection and client protection (specifically can with reference to the technical research of anti-robber's chain, Zheng Shaohui etc., computer institute of Chengdu University of Electronic Science and Technology):
The main method of server end protection comprises: at the irregular transaction file of server end and directory name, increase authentication function, adopt dynamic script to carry out the file camouflage at server end at server end.Such as number of patent application be: 200910046476.8 application for a patent for invention, internet content delivery network is stolen the chain method, has mentioned employing User-Agent field and has increased the WEB responding process.Such as number of patent application be: 200910235899.4 application for a patent for invention, a kind of method of door chain and terminal are mainly verified the information of coming client with downloader.And for example number of patent application is: 201010569446.8 application for a patent for invention, a kind of anti-stealing link system and method have related to the access entrance place in the website, and user's access channel is carried out the blacklist checking, and after checking recording user information.And for example number of patent application is: 200610018165.7; a kind of Web service anti-stealing link method; the method of extras is set up in employing; the method can partly shielding effect be fallen the otherness of Web server and system platform; for example based on the anti-stealing link method of cipher key distribution server; the method additionally increases the cipher key distribution server; jointly make up encryption URL with Web server; utilize encryption URL protection site resource not stolen; but the method still needs to revise Web server; increase URL resolving, this process still depends on the system at Web server and server place.
Wherein increasing authentication function at server end is to steal the main flow means that the chain guard system adopts, and mainly comprises:
Mode with SessionID after client-side information encrypted adds in the access customer request URL, and is decrypted and is verified to determine that the user is whether as from normal access channel when the user accesses by server end;
When client is sent download request, the WEB server adds the User-Agent information of client in the URL of response, when client is accessed the CDN Download Server according to this URL, Download Server will verify whether the User-Agent that is added by the WEB server end is consistent with the User-Agent of user's access to determine the access source of client;
These methods can play the effect of stealing the chain protection to a certain extent, but because all functions all need to develop and move at server end, have following several respects not enough:
One, stealing the chain protection needs to adapt to different WEB application even operating system, will bring the large and poor problem of versatility of exploitation amount;
They are two years old, the main function of server end is response HTTP request, if add a large amount of encryption and decryption, checking and turn function, its performance must be affected, and the assailant only need to send the request that needs in a large number encryption and decryption, checking and turn function can make the server end load suddenly increase;
Its three, server end need to be revised the URL information of client-access, causes the obvious modification of client-access request.
Client protection major way is to send downloader to client when the client-requested resource, this downloader operates in client and is used for checking client information, when checking by the time return the client-requested data otherwise being connected broken clients end and server end, the method has alleviated the pressure of server end, but because client plug-in need to adapt from different browsers, therefore have also that the exploitation amount is large, the problem of poor compatibility, in a single day client plug-in exists leak simultaneously, will become the powerful that the assailant attacks client.
To sum up analysis is necessary traditional robber's chain protection mode and means of defence are all improved as can be known, thereby avoids the generation of above problem.
Summary of the invention
In view of this; the present invention proposes a kind of WEB steals the chain means of defence and the method is integrated in the preposition gateway; this kind pattern is protected the resource in the Website server in the mode of application level proxy; the method does not rely on Web server and the operating system of website; use general HTTP/HTTPS agreement; can reduce to greatest extent the intervention to the website using operation flow, and be easy to maintenance and expansion.
The objective of the invention is to propose a kind of WEB and steal the chain means of defence, its step comprises:
1) set up a preposition gateway between client and WEB server, the file type of chain protection is stolen in the WEB server configuration that described preposition gateway is its agency, starts behind the configuration take-effective and steals the chain safeguard function;
2) described preposition gateway judges that according to the request type of described client resource request is whether in described robber's chain protection document type;
If 2-1) type of request resource is included in the file type that has disposed, then described preposition gateway is according to setting the rule refusal or accepting request;
If 2-2) type of request resource is not included in the file type that has disposed, then described preposition gateway adds robber's chain protection sign of described preposition gateway distribution simultaneously according to the described client of setting rule request again resource request;
3) described robber's chain protection sign is extracted checking, will satisfy the resource request that imposes a condition from described preposition gateway forwards to this WEB server.
Described step 2-1) described preposition gateway is refused according to following setting rule or is accepted request:
2-1-1) described preposition gateway checks this resource request head, responds if this request header comprises robber's chain protection sign that gateway distributes then request is forwarded to true Web website;
If 2-1-2) this request header do not comprise steal chain protection sign replace server end to client from dynamic response, think this access for abnormal access and refuse.
Described step 2-2) described preposition gateway adds robber's chain protection sign of described preposition gateway distribution simultaneously according to the described client of following rule request again resource request:
If 2-2-1) be not included in the file type that has disposed, and this request header comprises robber's chain protection sign that gateway distributes and then request is forwarded to true Web website and responds;
If 2-2-2) this request header do not comprise steal chain protection sign preposition gateway replace the WEB server to client from dynamic response redirect response code; Require client again to ask this resource, and in request, add robber's chain protection sign of function Access Gateway distribution;
2-2-3) when client is asked this resource again, in request header, add and steal chain protection sign;
If 2-2-4) comprise can stolen chain resource for the resource of client-access, then will enter described step 2-1 when loading) in process.
Described preposition gateway obtains the request header information of client, and HTTP obtains the cookie territory by parsing, and gateway generates and the field of distribution if do not comprise in this cookie thresholding, then needs to generate and distribution robber chain protection sign for this request.
Stealing chain protection sign generates by hash algorithm or cipher mode.
It is as follows that described robber's chain protection sign is extracted checking:
A) chain protection information list is stolen in the parsing inquiry, judges whether to have robber's chain protection ident value identical with the field codomain in the gateway, if there is no identical robber's chain protects ident value, then this client is rejected the request of this resource;
B) if there is identical robber's chain protection ident value, the access originator address of preserving in the client source address of extracting and the preposition gateway is compared, if not identical, then this client is rejected the request of this resource,
C) time of preserving in current time and the preposition gateway is got in identical client source address and compare, setup times span variable,
If the time span difference of preserving in current time and the preposition gateway, judges then that this request exceeds scheduled visit time limit greater than the time span variable, this client will be rejected the request of this resource,
If the time span difference of preserving in current time and the preposition gateway, is then judged this request less than the time span variable and is met all conditions of stealing chain protection sign proof procedure, and this request is transmitted to the Web website of gateway proxy.
Preferably, delete simultaneously in the gateway corresponding with it tlv triple record in the described step c) and steal time, the access originator address of preserving in chain protection ident value, the preposition gateway.
Preferably, when the non-robber's chain of client-requested protection object resource, robber's chain that gateway will generate protection sign, client address and client-requested time are write in the mode of tlv triple in robber's chain protection information list of function Access Gateway and preserve.
Preferably, when the non-robber's chain of client-requested protection object resource, gateway will generate steals chain protection sign, by replying special head response to client, so that client will be asked this resource again, will steal simultaneously chain protection sign and join in the client-requested head.
The present invention also proposes a kind of robber's chain guard system of preposition gateway, comprising: be located at based on the gateway configuration module in the preposition net, steal chain protection sign generation distribution module and steal chain protection marker extraction authentication module.
Described configuration module is used for carrying out the configuration that the chain protection object is stolen in the Web website, and described preposition gateway judges that according to the request type of described client resource request is whether in described robber's chain protection document type;
Described robber's chain protection sign generates distribution module, is used for chain protection sign is stolen in non-robber's chain protection object generation and distribution, and the while preserves in gateway and steals chain protection sign, client address and client-requested times three partial information;
Described robber's chain protection marker extraction authentication module, be used for extracting robber's chain protection sign and client address from client-requested, steal simultaneously the checking of chain protection sign, client address checking and the expired checking of request time, confirm whether this request is transmitted to the Web website.
Beneficial effect of the present invention
Gateway is divided into non-hot link protection object resource and hot link protection object resource with request resource among the present invention, for the request of non-hot link protection object resource it is arranged and to steal chain protection identification information, with guarantee to the hot link protection object that is comprised in the non-hot link protection object detect and and protection; Steal chain protection sign, resource request client and the inspection of resource request time for the hot link protection object resource.The method can detect and block stealing the chain resource, effectively manages based on stealing chain protection sign for other resources of website simultaneously.Do not rely on the constructing system of website, do not disturb the way to manage of website, do not change client-requested URL information, judge by preposition gateway whether client belongs to the situation that the normal page in Web website is directly asked site resource of walking around, realize that robber's chain of Web website detects and protection.
Description of drawings
Fig. 1 is that a kind of WEB of the present invention steals gateway system composition and function distribution schematic diagram among chain means of defence one embodiment.
Fig. 2 is that a kind of WEB of the present invention steals gateway system logical execution flow schematic diagram among chain means of defence one embodiment.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, be understandable that described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those skilled in the art belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
In this technical scheme; preposition gateway is the shielded Web of agency website comprehensively; HTTP request from client is submitted to first gateway and then is transmitted to the WEB server; the HTTP that the WEB server returns replys and arrives first gateway and then be transmitted to client; therefore gateway can fully be judged the source of client-access resource, judges that principle is:
The user of link is stolen in access and the difference of normal users maximum is, the user that link is stolen in access had not accessed the page of real service provider and had directly stolen the request of link, normal users generally will be obtained resource after the page of access real service provider again, therefore gateway will add robber's chain protection sign in user's request header when the client-access resource, when client is sent the request of the resource that loading can stolen chain, will steal chain protection identifier with this in the request, and access is stolen the user of link because never can stolen chain resource by normal page access, to can not comprise in its request header and steal chain protection identifier, gateway can will should directly be refused in request.
Preposition gateway at first need for the configuration of its agency's Web website steal chain protection institute for file type, mainly comprise picture, video, audio frequency but be not limited to this several types, after configuration take-effective, preposition gateway is this Web site promoter robber chain safeguard function.Preposition gateway is divided into following two kinds of processing modes to the request of mailing to the WEB service according to its file type:
1) gateway is analyzed the request of mailing to the WEB service, judge this asks desired file type whether to be included in the file type that has disposed, if be included in the file type that has disposed, then preposition gateway checks this resource request head, if comprising robber's chain protection sign that gateway distributes then request is forwarded to true Web website, this request header responds, if this request header do not comprise steal chain protection sign replace server end to client from dynamic response, think that this access is abnormal access and is refused.Mainly can comprise 2 points: the 1 request of the protected resource of band robber chain protection sign of directly accessing is directly refused; 2 process in gateway, process and can't help server end.
2) gateway is analyzed the request of mailing to the WEB service, judge this asks desired file type whether to be included in the file type that has disposed, if be not included in the file type that has disposed, and this request header comprises robber's chain protection sign that gateway distributes and then request is forwarded to true Web website and responds, if this request header do not comprise steal chain protection sign preposition gateway replace server to client from dynamic response redirect response code, require client again to ask this resource, and the robber's chain protection that adds the function Access Gateway distribution in request identifies, when client is asked this resource again, then will comprise in the request header and steal chain protection sign, can stolen chain resource if the resource of client-access comprises when loading, then will enter in the step 1) and process.
Above-mentioned method guarantees when comprising the protection resource type that this Web website sets in this resource, robber's chain protection sign that can comprise the gateway distribution, thereby the access to resource can not refused by gateway, the redirect response code is because can be directly by browser handles simultaneously, the access that can not affect the user is experienced, and the access habits that meets normal users, in addition, the URL information of the method in can the hurdle, modified address can be good at avoiding walking around access Web website and the problem of directly asking Web resource that the website provides.
Technology contents of the present invention mainly comprises: steal the generation distribution of chain protection sign, the extraction checking of stealing chain protection sign.
The generation of robber's chain protection sign of the present invention occurs in after the resource type of configuration and the required protection in Web website that comes into force.When client during with the non-protection resource type of http protocol request; just need to distribute when only having the non-protection resource type of request and steal chain protection sign; because being non-protection resource type, prerequisite comprises the protection resource type; be exactly picture and the audio frequency and video in the general seldom directly requests for page in fact; and needing first requests for page, the process that loads by the page can be asked the audio/video information in the page.Gateway can therefrom obtain the request header information Horg of client as the agency, obtains the cookie territory by resolving HTTP, and gateway generates and the field of distribution if do not comprise in the value in this cookie territory, and then needing is that this request generates and distribution is stolen the chain protection and identified.
Steal chain protection sign and generated by preposition gateway, preposition gateway extracts the client-requested time T
ReqAccess originator S with the WEB service
Ip, those skilled in the art personnel can clearly understand can be by hash algorithm or encryption and other coded systems generation robber chain protection sign L
HashGenerate and steal after the chain protection sign, preposition gateway is distributed this sign, and preposition gateway informs that by the http response conditional code this resource of client is transferred, and needs again request, increases simultaneously the Set-Cookie territory in response, with L
HashSign is set in the head response as the field in cookie territory, and steals chain protection sign L in preposition gateway under the first record
Hash, access originator S
IpWith request time T
ReqStealing chain protection information list H
ListIn, request resource again when client obtains this response, and will steal chain protection sign L
HashIn one section content write request as the Cookie territory, when client continues to access in this territory, all can be with L
HashPart as the Cookie territory.
The extraction proof procedure of robber's chain protection sign of the present invention occurs in when client-requested protection resource type.
Stealing chain protection sign leaching process is gateway can therefrom obtain client as the agency request header information H
Org, obtain the Cookie territory by resolving HTTP, from Cookie, extract the field that gateway increases, from this field, extract codomain and partly be designated as L
Hash-ex, from the IP head, extract simultaneously the source address S of client
Ip-exAnd checking.
Steal chain protection sign proof procedure for after obtaining corresponding information, verification method is as follows:
At first resolve inquiry and steal chain protection information list H
List, judge in the gateway whether exist and L
Hash-exIdentical L
HashValue, if there is no identical L
HashValue, then this client is rejected (namely returning 403forbidden) to the request of this resource, if there is identical L
HashValue then further compares,
With the S that extracts
Ip-exWith the S that preserves in the gateway
IpCompare, if not identical, then this client is rejected the request of this resource, if identical, then further compare,
Get current time T
CurWith the T that preserves in the gateway
ReqTime compares, setup times span variable T
DeltaIf, T
ReqWith T
CurThe time span difference greater than T
Delta, think that then this request exceeds scheduled visit time limit, this client will be rejected the request of this resource, delete simultaneously in the gateway corresponding with it tlv triple record L
Hash, T
Req, S
IpIf, T
ReqWith T
CurTime span less than or equal to T
Delta, think that then this request meets all conditions of stealing chain protection sign proof procedure, and this request be transmitted to the Web website of gateway proxy.
Robber's chain guard system based on preposition gateway provided by the invention mainly comprises on the function: configuration module, robber's chain protection sign generate distribution module, robber's chain protects the marker extraction authentication module.
The configuration module major function is to carry out the configuration that the chain protection object is stolen in the Web website.
It is non-robber's chain protection object to be generated and distributes the protection of robber's chain identify that robber's chain protects sign generation distribution module major function, simultaneously preservation robber chain protection sign, client address and client-requested times three partial information in gateway.
Stealing chain protection marker extraction authentication module major function is to extract to steal chain protection sign and client address from client-requested, steal simultaneously the checking of chain protection sign, client address checking and the expired checking of request time, thereby confirm whether this request is transmitted to the Web website.
That a kind of WEB of the present invention steals gateway system composition and function distribution schematic diagram among chain means of defence one embodiment as shown in Figure 1, gateway is deployed between client and the Web service, gateway plays agency's effect, directly access Web service so that client can not be walked around gateway, and in the situation of stealing the chain generation, replace the server refusal to provide resource response to client.
Be for a kind of WEB of the present invention steals gateway system logical execution flow schematic diagram among chain means of defence one embodiment as shown in Figure 2, for use and the execution in step of stealing chain protection gateway be:
1. gateway is configured setting, gateway will be distinguished non-hot link protection object and hot link protection object after setting up, and be avi, jpg, gif, bmp, rmvb etc. such as the hot link protection object, other be non-hot link protection object, such as html etc.
2. if the non-hot link protection object resource of client-requested, for example http://www.example.com/example.html comprises the link of hotlink.avi file in this resource, request time stamp T
ReqBe 1355821176, client source S
IpBe 192.168.1.22, then robber's chain protection sign carried out in this request and generated distribution module:
A) steal chain protection sign for request resource generates, calculate L
Hash=H (T
Req, S
Ip), will steal chain protection sign L
Hash, client source address S
IpAnd client-requested time T
ReqBe kept at and steal in the chain protection information list;
B) the HTTP Status that generates in the redirect response head response for client is set to 302, and with client-requested
Http:// www.example.com/example.htmlBe set to the resource transfers address, and in response, add the Set-Cookie territory, will steal chain protection sign L
HashWrite this territory;
C) wait for next time resource request process.
3. if client-requested hot link protection object resource (this moment object added the Set-Cookie territory) is then carried out and is stolen chain protection marker extraction authentication module:
A) the Cookie domain information in the extraction request resource parses and steals chain protection sign L
HashWith client address information S
Ip, resolve unsuccessfully and directly reply the denied access resource response to client;
B) traversal is stolen chain protection information list, judges whether to exist this robber's chain protection sign L
HashIf exist and carry out next step, otherwise directly reply the denied access resource response to client;
C) judge client address S
IpWhether protecting the client address of preserving in the information list with robber's chain is that 192.168.1.22 is complementary, if coupling is carried out next step, otherwise directly replys the denied access resource response to client;
D) judge whether the client resource request is expired, if not out of date then the resource request of client is transmitted to the Web website, otherwise would directly reply the denied access resource response to client;
E) wait for next time resource request process.
Claims (10)
1. a WEB steals the chain means of defence, and its step comprises:
1) set up a preposition gateway between client and WEB server, the file type of chain protection is stolen in the WEB server configuration that described preposition gateway is its agency, starts behind the configuration take-effective and steals the chain safeguard function;
2) described preposition gateway judges that according to the request type of described client resource request is whether in described robber's chain protection document type;
If 2-1) type of request resource is included in the file type that has disposed, then described preposition gateway is according to setting the rule refusal or accepting request;
If 2-2) type of request resource is not included in the file type that has disposed, then described preposition gateway adds robber's chain protection sign of described preposition gateway distribution simultaneously according to the described client of setting rule request again resource request;
3) described robber's chain protection sign is extracted checking, will satisfy the resource request that imposes a condition from described preposition gateway forwards to this WEB server.
2. WEB as claimed in claim 1 steals the chain means of defence, it is characterized in that described step 2-1) described preposition gateway refuses according to following settings rule or accepts request:
2-1-1) described preposition gateway checks this resource request head, responds if this request header comprises robber's chain protection sign that gateway distributes then request is forwarded to true Web website;
If 2-1-2) this request header do not comprise steal chain protection sign replace server end to client from dynamic response, think this access for abnormal access and refuse.
3. WEB as claimed in claim 1 steals the chain means of defence, it is characterized in that described step 2-2) described preposition gateway adds robber's chain protection sign of described preposition gateway distribution simultaneously according to the described client of following rule request again resource request:
If 2-2-1) be not included in the file type that has disposed, and this request header comprises robber's chain protection sign that gateway distributes and then request is forwarded to true Web website and responds;
If 2-2-2) this request header do not comprise steal chain protection sign preposition gateway replace the WEB server to client from dynamic response redirect response code; Require client again to ask this resource, and in request, add robber's chain protection sign of function Access Gateway distribution;
2-2-3) when client is asked this resource again, in request header, add and steal chain protection sign;
If 2-2-4) comprise can stolen chain resource for the resource of client-access, then will enter described step 2-1 when loading) in process.
4. WEB steals the chain means of defence as claimed in claim 2 or claim 3, it is characterized in that, described preposition gateway obtains the request header information of client, obtain the cookie territory by resolving HTTP, gateway generates and the field of distribution if do not comprise in this cookie thresholding, then needs to generate and distribution robber chain protection sign for this request.
5. WEB as claimed in claim 1 steals the chain means of defence, it is characterized in that, steals chain protection sign and generates by hash algorithm or cipher mode.
6. WEB as claimed in claim 1 steals the chain means of defence, it is characterized in that, it is as follows that described robber's chain protection sign is extracted checking:
A) chain protection information list is stolen in the parsing inquiry, judges whether to have robber's chain protection ident value identical with the field codomain in the gateway, if there is no identical robber's chain protects ident value, then this client is rejected the request of this resource;
B) if there is identical robber's chain protection ident value, the access originator address of preserving in the client source address of extracting and the preposition gateway is compared, if not identical, then this client is rejected the request of this resource,
C) time of preserving in current time and the preposition gateway is got in identical client source address and compare, setup times span variable,
If the time span difference of preserving in current time and the preposition gateway, judges then that this request exceeds scheduled visit time limit greater than the time span variable, this client will be rejected the request of this resource,
If the time span difference of preserving in current time and the preposition gateway, is then judged this request less than the time span variable and is met all conditions of stealing chain protection sign proof procedure, and this request is transmitted to the Web website of gateway proxy.
7. WEB as claimed in claim 6 steals the chain means of defence, it is characterized in that, deletes simultaneously in the gateway corresponding with it tlv triple record in the described step c) and steals time, the access originator address of preserving in chain protection ident value, the preposition gateway.
8. WEB as claimed in claim 1 steals the chain means of defence, it is characterized in that, when the non-robber's chain of client-requested protection object resource, robber's chain that gateway will generate protection sign, client address and client-requested time are write in the mode of tlv triple in robber's chain protection information list of function Access Gateway and preserve.
9. WEB as claimed in claim 1 steals the chain means of defence, it is characterized in that, when the non-robber's chain of client-requested protection object resource, gateway will generate steals chain protection sign, by replying special head response to client, so that client will be asked this resource again, will steal simultaneously chain protection sign and join in the client-requested head.
10. robber's chain guard system of a preposition gateway comprises: be located at based on the gateway configuration module in the preposition net, steal chain protection sign generation distribution module and steal chain protection marker extraction authentication module.
Described configuration module is used for carrying out the configuration that the chain protection object is stolen in the Web website, and described preposition gateway judges that according to the request type of described client resource request is whether in described robber's chain protection document type;
Described robber's chain protection sign generates distribution module, is used for chain protection sign is stolen in non-robber's chain protection object generation and distribution, and the while preserves in gateway and steals chain protection sign, client address and client-requested times three partial information;
Described robber's chain protection marker extraction authentication module, be used for extracting robber's chain protection sign and client address from client-requested, steal simultaneously the checking of chain protection sign, client address checking and the expired checking of request time, confirm whether this request is transmitted to the Web website.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310021832.7A CN103067409B (en) | 2013-01-21 | 2013-01-21 | A kind of WEB steals chain means of defence and gateway system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310021832.7A CN103067409B (en) | 2013-01-21 | 2013-01-21 | A kind of WEB steals chain means of defence and gateway system thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103067409A true CN103067409A (en) | 2013-04-24 |
| CN103067409B CN103067409B (en) | 2015-10-14 |
Family
ID=48109869
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310021832.7A Active CN103067409B (en) | 2013-01-21 | 2013-01-21 | A kind of WEB steals chain means of defence and gateway system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103067409B (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103701796A (en) * | 2013-12-23 | 2014-04-02 | 山东中创软件商用中间件股份有限公司 | Hotlink protection system and method on basis of HASH technology |
| CN103986735A (en) * | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
| CN104135507A (en) * | 2014-06-30 | 2014-11-05 | 北京奇艺世纪科技有限公司 | A method and a device for hotlink protection |
| WO2016184216A1 (en) * | 2015-05-15 | 2016-11-24 | 乐视云计算有限公司 | Link-stealing prevention method, link-stealing prevention server, and client side |
| CN106599622A (en) * | 2016-12-06 | 2017-04-26 | 福建中金在线信息科技有限公司 | Method and device for filtering application software interface program |
| WO2017084284A1 (en) * | 2015-11-16 | 2017-05-26 | 乐视控股(北京)有限公司 | Method for detecting operation of function management configuration server, legitimate client, cdn node and system |
| CN107294927A (en) * | 2016-04-05 | 2017-10-24 | 北京优朋普乐科技有限公司 | Anti-stealing link method, device and system based on the network terminal |
| CN107493250A (en) * | 2016-06-12 | 2017-12-19 | 阿里巴巴集团控股有限公司 | A kind of method that web-page requests are authenticated, client and server |
| CN107911336A (en) * | 2017-10-09 | 2018-04-13 | 西安交大捷普网络科技有限公司 | A kind of WEB steals chain means of defence |
| CN108574686A (en) * | 2017-05-17 | 2018-09-25 | 北京金山云网络技术有限公司 | A kind of method and device of online preview file |
| CN109246127A (en) * | 2018-10-12 | 2019-01-18 | 上海哔哩哔哩科技有限公司 | A kind of the safety sharing control method and system of audio resource |
| US10212166B2 (en) | 2014-03-24 | 2019-02-19 | Huawei Technologies Co., Ltd. | File downloading method, apparatus, and system |
| CN109413000A (en) * | 2017-08-15 | 2019-03-01 | 吴波 | A kind of anti-stealing link method and door chain gateway system |
| CN109446823A (en) * | 2018-09-30 | 2019-03-08 | 天津字节跳动科技有限公司 | Preview file method, apparatus, electronic equipment and readable storage medium storing program for executing |
| CN109525613A (en) * | 2019-01-16 | 2019-03-26 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of demand processing system and method |
| CN110392022A (en) * | 2018-04-19 | 2019-10-29 | 阿里巴巴集团控股有限公司 | A kind of network resource access method, computer equipment, storage medium |
| CN111404898A (en) * | 2020-03-06 | 2020-07-10 | 北京创世云科技有限公司 | Anti-stealing-link method and device, storage medium and electronic equipment |
| CN112118319A (en) * | 2020-09-22 | 2020-12-22 | 国网电子商务有限公司 | Network URL resource processing method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050039009A1 (en) * | 2003-07-25 | 2005-02-17 | Fei Zhou | Web management system and method based on authentication |
| CN102752300A (en) * | 2012-06-28 | 2012-10-24 | 用友软件股份有限公司 | Dynamic antitheft link system and dynamic antitheft link method |
-
2013
- 2013-01-21 CN CN201310021832.7A patent/CN103067409B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050039009A1 (en) * | 2003-07-25 | 2005-02-17 | Fei Zhou | Web management system and method based on authentication |
| CN102752300A (en) * | 2012-06-28 | 2012-10-24 | 用友软件股份有限公司 | Dynamic antitheft link system and dynamic antitheft link method |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103701796A (en) * | 2013-12-23 | 2014-04-02 | 山东中创软件商用中间件股份有限公司 | Hotlink protection system and method on basis of HASH technology |
| US10212166B2 (en) | 2014-03-24 | 2019-02-19 | Huawei Technologies Co., Ltd. | File downloading method, apparatus, and system |
| CN103986735B (en) * | 2014-06-05 | 2017-04-19 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
| CN103986735A (en) * | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
| CN104135507A (en) * | 2014-06-30 | 2014-11-05 | 北京奇艺世纪科技有限公司 | A method and a device for hotlink protection |
| CN104135507B (en) * | 2014-06-30 | 2018-01-16 | 北京奇艺世纪科技有限公司 | A kind of method and apparatus of door chain |
| WO2016184216A1 (en) * | 2015-05-15 | 2016-11-24 | 乐视云计算有限公司 | Link-stealing prevention method, link-stealing prevention server, and client side |
| WO2017084284A1 (en) * | 2015-11-16 | 2017-05-26 | 乐视控股(北京)有限公司 | Method for detecting operation of function management configuration server, legitimate client, cdn node and system |
| CN107294927A (en) * | 2016-04-05 | 2017-10-24 | 北京优朋普乐科技有限公司 | Anti-stealing link method, device and system based on the network terminal |
| CN107493250A (en) * | 2016-06-12 | 2017-12-19 | 阿里巴巴集团控股有限公司 | A kind of method that web-page requests are authenticated, client and server |
| CN107493250B (en) * | 2016-06-12 | 2020-08-04 | 阿里巴巴集团控股有限公司 | Method, client and server for authenticating webpage request |
| CN106599622A (en) * | 2016-12-06 | 2017-04-26 | 福建中金在线信息科技有限公司 | Method and device for filtering application software interface program |
| CN108574686A (en) * | 2017-05-17 | 2018-09-25 | 北京金山云网络技术有限公司 | A kind of method and device of online preview file |
| CN108574686B (en) * | 2017-05-17 | 2021-08-06 | 北京金山云网络技术有限公司 | Method and device for previewing file online |
| CN109413000B (en) * | 2017-08-15 | 2021-06-18 | 刘其星 | Anti-stealing-link method and anti-stealing-link network relation system |
| CN109413000A (en) * | 2017-08-15 | 2019-03-01 | 吴波 | A kind of anti-stealing link method and door chain gateway system |
| CN107911336A (en) * | 2017-10-09 | 2018-04-13 | 西安交大捷普网络科技有限公司 | A kind of WEB steals chain means of defence |
| CN107911336B (en) * | 2017-10-09 | 2022-02-25 | 西安交大捷普网络科技有限公司 | WEB hotlinking protection method |
| CN110392022A (en) * | 2018-04-19 | 2019-10-29 | 阿里巴巴集团控股有限公司 | A kind of network resource access method, computer equipment, storage medium |
| CN110392022B (en) * | 2018-04-19 | 2022-04-05 | 阿里巴巴集团控股有限公司 | Network resource access method, computer equipment and storage medium |
| CN109446823A (en) * | 2018-09-30 | 2019-03-08 | 天津字节跳动科技有限公司 | Preview file method, apparatus, electronic equipment and readable storage medium storing program for executing |
| CN109246127A (en) * | 2018-10-12 | 2019-01-18 | 上海哔哩哔哩科技有限公司 | A kind of the safety sharing control method and system of audio resource |
| CN109246127B (en) * | 2018-10-12 | 2021-05-28 | 上海哔哩哔哩科技有限公司 | Safe sharing control method and system for audio resources |
| CN109525613A (en) * | 2019-01-16 | 2019-03-26 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of demand processing system and method |
| CN111404898B (en) * | 2020-03-06 | 2021-03-23 | 北京创世云科技有限公司 | Anti-stealing-link method and device, storage medium and electronic equipment |
| CN111404898A (en) * | 2020-03-06 | 2020-07-10 | 北京创世云科技有限公司 | Anti-stealing-link method and device, storage medium and electronic equipment |
| CN112118319A (en) * | 2020-09-22 | 2020-12-22 | 国网电子商务有限公司 | Network URL resource processing method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103067409B (en) | 2015-10-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103067409B (en) | A kind of WEB steals chain means of defence and gateway system thereof | |
| CN109413000B (en) | Anti-stealing-link method and anti-stealing-link network relation system | |
| CN103944900B (en) | It is a kind of that attack prevention method and its device are asked across station based on encryption | |
| US9607132B2 (en) | Token-based validation method for segmented content delivery | |
| Le Blond et al. | One Bad Apple Spoils the Bunch: Exploiting {P2P} Applications to Trace and Profile Tor Users | |
| Holowczak et al. | Cachebrowser: Bypassing chinese censorship without proxies using cached content | |
| CN103229181A (en) | Protecting websites and website users by obscuring URLs | |
| WO2015013459A1 (en) | Systems and methods for managing network resource requests | |
| EP2395729B1 (en) | Distribution system and method of distributing content files | |
| CN105721411A (en) | Method for preventing hotlinking, server and client terminalfor preventing hotlinking | |
| US8370620B2 (en) | Distribution system and method of distributing content files | |
| CN105704139A (en) | RTMP protocol-based streaming media service user authentication method | |
| CN103957436A (en) | Video anti-stealing-link method based on OTT service | |
| Bocovich et al. | Slitheen: Perfectly imitated decoy routing through traffic replacement | |
| CN106101133A (en) | A kind of method and system of Streaming Media door chain | |
| US20180150877A1 (en) | 3rd party request-blocking bypass layer | |
| CN107911336A (en) | A kind of WEB steals chain means of defence | |
| US20030217163A1 (en) | Method and system for assessing a right of access to content for a user device | |
| CN105915494A (en) | Anti-stealing-link method and system | |
| CN104021349A (en) | Network evidence beforehand preservation method and preservation device | |
| CN109450990A (en) | A kind of cloud storage implementation method and electronic equipment based on educational system | |
| Bauer et al. | BitBlender: Light-weight anonymity for BitTorrent | |
| CN112073366A (en) | Data processing method for railway financial system and data center | |
| CN104378325B (en) | Network electronic data acquisition solidification, verification and reduction method and system | |
| Peng et al. | An effective method for combating malicious scripts clickbots |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |