CN103067409B - A kind of WEB steals chain means of defence and gateway system thereof - Google Patents
A kind of WEB steals chain means of defence and gateway system thereof Download PDFInfo
- Publication number
- CN103067409B CN103067409B CN201310021832.7A CN201310021832A CN103067409B CN 103067409 B CN103067409 B CN 103067409B CN 201310021832 A CN201310021832 A CN 201310021832A CN 103067409 B CN103067409 B CN 103067409B
- Authority
- CN
- China
- Prior art keywords
- client
- request
- gateway
- chain
- robber
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to a kind of WEB and steal chain means of defence and gateway system thereof, system comprises: gateway configuration module, robber's chain protection mark generate distribution module and steal chain protects marker extraction authentication module, 1) between client and WEB server, set up a preposition gateway, preposition gateway is the file type of the WEB server configuration robber chain protection of its agency, starts and steal chain safeguard function after configuration take-effective; 2) according to the request type of described client, preposition gateway judges whether resource request is being stolen in chain protection document type; 3) extraction checking is carried out, by the satisfied resource request imposed a condition from described preposition gateway forwards to this WEB server to robber's chain protection mark.The present invention can determine that stealing chain attacks and refuse resource access, shields the Web server of website and the diversity of operating system and otherness in time, without the need to changing software merit rating on server, also transparent to WEB service, does not affect original management mode.
Description
Technical field
The present invention relates to computer network security.Specifically, the method and system realizing carrying out stealing to website chain protection based on preposition gateway are related to.
Background technology
Along with the development of Internet technology, website is no longer confined to only externally provide Word message, these multimedia messagess of picture, video, audio frequency appear in website in a large number, multimedia messages is too for safety problem is brought in website while enriching the website form of expression, and it is exactly wherein the most a kind of for stealing chain attack.Steal chain and refer to that service provider oneself does not provide the content of service, other favourable end-user interfaces are walked around by technological means, the service content of other service providers is directly provided to end user on the website of oneself, steal chain attack not need resource to be provided or to provide extremely a small amount of resource to obtain flowing of access, but real service provider but cannot obtain any income, and due to picture, audio frequency, the access of video needs to take a large amount of bandwidth resources, the bandwidth of real provider server will be caused by illegal abuse, specifically can with reference to (stealing the scene of chain attacking and defending rouge et noir, http://POWERSON Blog.CFAN.COM.CN).
At present, steal chain preventive means to carry out distinguishing from protective position and be mainly divided into server end to protect and client protection (specifically can with reference to the technical research of anti-robber's chain, Zheng Shaohui etc., School of Computer Science of Chengdu University of Electronic Science and Technology):
The main method of server end protection comprises: at the irregular transaction file of server end and directory name, increase authentication function at server end, adopt dynamic script to carry out file camouflage at server end.As number of patent application is: the application for a patent for invention of 200910046476.8, internet content delivery network steals chain method, refer to and adopts User-Agent field and increase WEB responding process.As number of patent application is: the application for a patent for invention of 200910235899.4, a kind of method of door chain and terminal, the main downloader that uses is verified the information carrying out client.And for example number of patent application is: the application for a patent for invention of 201010569446.8, a kind of anti-stealing link system and method, has related to the access entrance place in website, carries out blacklist checking to the access channel of user, and recording user information after the validation.And for example number of patent application is: 200610018165.7, a kind of Web service anti-stealing link method, adopt the method for erection extras, the method can fall the otherness of Web server and system platform by partly shielding effect, such as based on the anti-stealing link method of key issuing server, the method additionally increases key issuing server, jointly build with Web server and encrypt URL, utilize encryption URL guarding website resource not stolen, but the method still needs to revise Web server, increase URL resolving, this process still depends on the system at Web server and server place.
Wherein increasing authentication function at server end is the main flow means stealing the employing of chain guard system, mainly comprises:
Add in access customer request URL in the mode of SessionID after client-side information is encrypted, and be decrypted by server end when user accesses and verify to determine whether user is from normally accessing channel;
When client sends download request, WEB server adds the User-Agent information of client in the URL of response, when client accesses CDN download server according to this URL, download server is originated verifying that whether the User-Agent added by WEB server end is consistent with the User-Agent that user accesses with the access determining client;
These methods can play the effect stealing chain protection to a certain extent, but all need to develop at server end and run due to all functions, have following several respects not enough:
One, stealing chain protection needs to adapt to different WEB application even operating system, will bring the problem of the large and poor universality of exploitation amount;
They are two years old, the main function of server end is response HTTP request, if add a large amount of encryption and decryption, checking and turn function, its performance must be affected, and assailant only needs to send needs encryption and decryption in a large number, the request of checking and turn function can make server end load suddenly increase;
Its three, server end needs to revise the URL information of client-access, causes the obvious amendment of client-access request.
Client protection major way sends downloader when client-requested resource to client, this downloader operates in client and is used for checking client information, client-requested data are returned otherwise by the connection of broken clients end and server end when being verified, the method alleviates the pressure of server end, but because client plug-in needs to adapt from different browsers, therefore also have that exploitation amount is large, the problem of poor compatibility, simultaneously once there is leak in client plug-in, will become assailant and attack the powerful of client.
To sum up analyze known, be necessary all to improve traditional robber's chain protection mode and means of defence, thus avoid the generation of above problem.
Summary of the invention
In view of this; the present invention proposes a kind of WEB steal chain means of defence and the method be integrated in preposition gateway; this kind of pattern is protected the resource in Website server in the mode of application level proxy; the method does not rely on Web server and the operating system of website; use general HTTP/HTTPS agreement; the intervention to website operation flow can be reduced to greatest extent, and be easy to maintenance and expansion.
The object of the invention is to propose a kind of WEB and steal chain means of defence, its step comprises:
1) between client and WEB server, set up a preposition gateway, described preposition gateway is the file type of the WEB server configuration robber chain protection of its agency, starts and steal chain safeguard function after configuration take-effective;
2) described preposition gateway judges resource request whether in described robber's chain protection document type according to the request type of described client;
If 2-1) type of request resource is included in the file type configured, then described preposition gateway is refused according to setting rule or accepts request;
If 2-2) type of request resource is not included in the file type configured, then described preposition gateway according to setting rule request client again resource request add robber's chain protection mark of described preposition gateway distribution simultaneously;
3) extraction checking is carried out, by the satisfied resource request imposed a condition from described preposition gateway forwards to this WEB server to described robber's chain protection mark.
Described step 2-1) described preposition gateway is according to following setting rule refusal or accept request:
2-1-1) described preposition gateway checks this resource request head, if this request header comprises robber's chain protection mark that gateway is distributed, is responded by request forward to true Web site;
If 2-1-2) this request header does not comprise robber's chain protection mark, replacement server end from dynamic response, thinks that this access is abnormal access and refuses to client.
Described step 2-2) described preposition gateway according to following rule request client again resource request add robber's chain protection mark of described preposition gateway distribution simultaneously:
If 2-2-1) be not included in the file type configured, and this request header comprises robber's chain protection mark that gateway distributes then is responded to true Web site by request forward;
If 2-2-2) this request header does not comprise robber's chain protection mark, preposition gateway replaces WEB server to client from dynamic response redirect response code; Require that client asks this resource again, and while request, add robber's chain protection mark of function Access Gateway distribution;
2-2-3) when client asks this resource again, add in request header and steal chain protection mark;
If 2-2-4) comprise when loading can stolen chain resource for the resource of client-access, then will enter described step 2-1) in process.
Described preposition gateway obtains the request header information of client, obtaining cookie territory, generating and the field of distributing if do not comprise gateway in this cookie thresholding by resolving HTTP, then need to steal chain protection mark for this request generates and distributes.
Steal chain protection mark to be generated by hash algorithm or cipher mode.
It is as follows that described robber's chain protection mark carries out extraction checking:
A) resolve inquiry and steal chain protection information list, judge that whether there is robber's chain identical with field codomain in gateway protects ident value, if there is no identical robber's chain protection ident value, then the request of this client to this resource is rejected;
If b) there is identical robber's chain protection ident value, compared the access originator address of preserving in the client source address of extraction and preposition gateway, if not identical, then the request of this client to this resource is rejected,
C) get the time of preserving in current time and preposition gateway to identical client source address to compare, setup times span variable,
If the time span difference of preserving in current time and preposition gateway is greater than time span variable, then judge that this request exceeds scheduled visit time limit, this client will be rejected the request of this resource,
If the time span difference of preserving in current time and preposition gateway is less than time span variable, then judge that this request meets all conditions stealing chain protection mark proof procedure, and by this request forward to the Web site of gateway proxy.
Preferably, to delete in described step c) in gateway simultaneously tlv triple record corresponding with it steal preserve in chain protection ident value, preposition gateway time, access originator address.
Preferably, when the non-robber's chain protection object resource of client-requested, robber's chain of generation protection mark, client address and client-requested time write in the mode of tlv triple in robber's chain protection information list of gateway and preserve by gateway.
Preferably, when the non-robber's chain protection object resource of client-requested, chain protection mark is stolen in generation by gateway, by replying special head response to client, make client will ask this resource again, robber's chain protection mark is joined in client-requested head simultaneously.
The present invention also proposes a kind of robber's chain guard system of preposition gateway, comprising: be located at based on the gateway configuration module in preposition net, steal chain protection mark generation distribution module and steal chain protection marker extraction authentication module.
Described configuration module, steals the configuration of chain protection object for carrying out Web site, described preposition gateway judges resource request whether in described robber's chain protection document type according to the request type of described client;
Described robber's chain protection mark generates distribution module, and steal chain protection mark for generating non-robber's chain protection object and distributing, chain protection mark, client address and client-requested time three partial information are stolen in preservation in a gateway simultaneously;
Described robber's chain protection marker extraction authentication module, chain protection mark and client address is stolen for extracting from client-requested, carry out robber's chain protection identity verification, client address checking and the expired checking of request time simultaneously, confirm whether this request is transmitted to Web site.
Beneficial effect of the present invention
In the present invention, request resource is divided into non-hot link protection object resource and hot link protection object resource by gateway, for the request of non-hot link protection object resource it is arranged and steals chain protection identification information, with ensure to detect the hot link protection object comprised in non-hot link protection object and and protection; Hot link protection object resource is carried out stealing chain protection mark, resource request client and the inspection of resource request time.The method can be carried out detecting to robber's chain resource and block, and effectively manages for other resources of website based on robber's chain protection mark simultaneously.Do not rely on the constructing system of website, do not disturb the way to manage of website, do not change client-requested URL information, judge whether client belongs to walk around the situation that the normal page of Web site directly asks site resource by preposition gateway, the robber's chain realizing Web site detects and protection.
Accompanying drawing explanation
Fig. 1 is that a kind of WEB of the present invention steals gateway system composition and function distribution schematic diagram in chain means of defence one embodiment.
Fig. 2 is that a kind of WEB of the present invention steals gateway system logical execution flow schematic diagram in chain means of defence one embodiment.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described, be understandable that the technical scheme in the embodiment of the present invention, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those skilled in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
In this technical scheme; preposition gateway acts on behalf of shielded Web site comprehensively; HTTP request from client is first submitted to gateway and then is transmitted to WEB server; the HTTP response that WEB server returns first arrives gateway and then is transmitted to client; therefore gateway fully can judge the source of client-access resource, judges that principle is:
The user of link is stolen in access and the maximum difference of normal users is, the user that link is stolen in access had not accessed the page of real service provider and had directly carried out stealing the request of link, normal users obtains after the page of access real service provider resource under normal circumstances again, therefore gateway will add robber's chain protection mark in user's request header when client-access resource, when client send load can the request of resource of stolen chain time, will with this robber's chain protection identifier in request, and the user that link is stolen in access is due to never can stolen chain resource by normal page access, can not comprise in its request header and steal chain protection identifier, this request can directly be refused by gateway.
Preposition gateway first need the Web site configuration for its agency steal chain protection institute for file type, mainly comprise picture, video, audio frequency but be not limited to this several types, after configuration take-effective, preposition gateway is this Web site startup robber chain safeguard function.Preposition gateway is divided into following two kinds of processing modes to the request of mailing to WEB service according to its file type:
1) gateway is analyzed the request of mailing to WEB service, judge whether the file type required by this request is included in the file type configured, if be included in the file type configured, then preposition gateway checks this resource request head, if this request header comprises robber's chain protection mark that gateway is distributed, request forward is responded to true Web site, if this request header does not comprise steal chain protection mark, replacement server end from dynamic response, thinks that this access is abnormal access and is refused to client.Mainly can comprise 2 points: the request of the protected resource of 1 direct access with not stealing chain protection mark is directly refused; 2 process in a gateway, and can't help server end and process.
2) gateway is analyzed the request of mailing to WEB service, judge whether the file type required by this request is included in the file type configured, if be not included in the file type configured, and this request header comprises robber's chain protection mark that gateway distributes then to be responded request forward to true Web site, if this request header does not comprise steal chain protection mark, preposition gateway replaces server to client from dynamic response redirect response code, require that client asks this resource again, and while request, add robber's chain protection mark of function Access Gateway distribution, when client asks this resource again, then will comprise in request header and steal chain protection mark, can stolen chain resource if the resource of client-access comprises when loading, then will enter in step 1) and process.
Above-mentioned method ensures when comprising the protection resource type set by this Web site in this resource, robber's chain protection mark of gateway distribution can be comprised, thus can not be refused by gateway the access of resource, simultaneously redirect response code is due to can directly by browser process, the access that can not affect user is experienced, and meet the access habits of normal users, in addition, the method can not URL information in hurdle, modified address, can be good at avoiding walking around access Web site and directly ask Web site the problem of resource is provided.
Technology contents of the present invention mainly comprises: steal the generation distribution of chain protection mark, steal the extraction checking of chain protection mark.
The generation of robber's chain of the present invention protection mark occurs in and configure and after the resource type protected required for the Web site that comes into force.When client is with http protocol request non-protected resource type; only having during request non-protected resource type just needs distribution to steal chain protection mark; that non-protect types resource comprises protect types resource premised on cause; be exactly the picture in general little direct requests for page and audio frequency and video in fact; and needing first requests for page, the process loaded by the page can ask the audio/video information in the page.Gateway therefrom can obtain the request header information Horg of client as agency, obtaining cookie territory, generating and the field of distributing if do not comprise gateway in the value in this cookie territory by resolving HTTP, then need to steal chain protection mark for this request generates and distributes.
Steal chain protection mark to be generated by preposition gateway, preposition gateway extracts client-requested time T
reqwith the access originator S of WEB service
ip, those skilled in the art personnel clearly can understand to generate by hash algorithm or encryption and other coded systems and steal chain protection mark L
hash.Generate after stealing chain protection mark, preposition gateway is distributed this mark, and by http response conditional code, preposition gateway informs that this resource of client is transferred, need again to ask, and increases Set-Cookie territory in the response, by L simultaneously
hashthe field identified as cookie territory is set in head response, and in preposition gateway, steal chain protection mark L under first record
hash, access originator S
ipwith request time T
reqat robber's chain protection information list H
listin, will request resource again when client obtains this response, and chain protection mark L will be stolen
hashas in one section of content write request in Cookie territory, when client continues to access in this territory, all can by L
hashas the part in Cookie territory.
The extraction proof procedure of robber's chain protection mark of the present invention occurs in when client-requested protect types resource.
Stealing chain protection mark leaching process is that gateway therefrom can obtain the request header information H of client as agency
org, obtaining Cookie territory by resolving HTTP, from Cookie, extracting the field that gateway increases, from this field, extract codomain part be designated as L
hash-ex, from IP head, extract the source address S of client simultaneously
ip-exand verify.
Steal chain protection mark proof procedure for after obtaining corresponding information, verification method is as follows:
First resolve inquiry and steal chain protection information list H
list, judge whether exist and L in gateway
hash-exidentical L
hashvalue, if there is no identical L
hashvalue, then the request of this client to this resource is rejected (namely returning 403forbidden), if there is identical L
hashvalue, then compare further,
By the S extracted
ip-exwith the S preserved in gateway
ipcompare, if not identical, then the request of this client to this resource is rejected, if identical, then compares further,
Get current time T
curwith the T preserved in gateway
reqtime compares, setup times span variable T
deltaif, T
reqwith T
curtime span difference be greater than T
delta, then think that this request exceeds scheduled visit time limit, this client will be rejected the request of this resource, delete tlv triple record L corresponding with it in gateway simultaneously
hash, T
req, S
ipif, T
reqwith T
curtime span be less than or equal to T
delta, then think that this request meets all conditions stealing chain protection mark proof procedure, and by this request forward to the Web site of gateway proxy.
Robber's chain guard system based on preposition gateway provided by the invention, functionally mainly comprises: configuration module, robber's chain protection mark generation distribution module, robber's chain protect marker extraction authentication module.
Configuration module major function carries out the configuration that Web site steals chain protection object.
It is generate non-robber's chain protection object and distribute to steal chain protection mark that robber's chain protection mark generates distribution module major function, and chain protection mark, client address and client-requested time three partial information are stolen in preservation in a gateway simultaneously.
Stealing chain protection marker extraction authentication module major function is extract to steal chain protection mark and client address from client-requested, carry out robber's chain protection identity verification, client address checking and the expired checking of request time simultaneously, thus confirm whether this request is transmitted to Web site.
That a kind of WEB of the present invention steals gateway system composition and function distribution schematic diagram in chain means of defence one embodiment as shown in Figure 1, by gateway deployment between client and Web service, gateway plays agency's effect, make client can not walk around gateway and directly access Web service, and replace when stealing chain and occurring server to refuse to provide resource response to client.
Be that a kind of WEB of the present invention steals gateway system logical execution flow schematic diagram in chain means of defence one embodiment as shown in Figure 2, for stealing using and perform step and being of chain protection gateway:
1. pair gateway is configured setting, and after setting up, gateway will distinguish non-hot link protection object and hot link protection object, and such as hot link protection object is avi, jpg, gif, bmp, rmvb etc., other be non-hot link protection object, as html etc.
2. if the non-hot link protection object resource of client-requested, such as http://www.example.com/example.html, comprises the link of hotlink.avi file in this resource, request time stamp T
reqbe 1355821176, client source S
ipfor 192.168.1.22, then this request is performed and steals chain protection mark generation distribution module:
A) steal chain protection mark for request resource generates, calculate L
hash=H (T
req, S
ip), chain protection mark L will be stolen
hash, client source address S
ipand client-requested time T
reqbe kept at and steal in chain protection information list;
B) the HTTP Status generated in redirect response head response for client is set to 302, and by client-requested
http:// www.example.com/example.htmlbe set to resource transfers address, and add Set-Cookie territory in the response, chain protection mark L will be stolen
hashwrite this territory;
C) resource request process is next time waited for.
3. if client-requested hot link protection object resource (now object has added Set-Cookie territory), then perform and steal chain protection marker extraction authentication module:
A) extract the Cookie domain information in request resource, parse and steal chain protection mark L
hashwith client address information S
ip, resolve and unsuccessfully reply denied access resource response directly to client;
B) traversal steals chain protection information list, judges whether to there is this robber's chain protection mark L
hashif exist and carry out next step, otherwise reply denied access resource response directly to client;
C) client address S is judged
ipwhether with steal chain and protect the client address preserved in information list and 192.168.1.22 matches, if coupling carries out next step, otherwise directly to client reply denied access resource response;
D) judge that whether client resource request is expired, if not out of date, the resource request of client is transmitted to Web site, otherwise reply denied access resource response directly to client;
E) resource request process is next time waited for.
Claims (10)
1. WEB steals a chain means of defence, and its step comprises:
1) between client and WEB server, set up a preposition gateway, described preposition gateway is the file type of the WEB server configuration robber chain protection of its agency, starts and steal chain safeguard function after configuration take-effective;
2) described preposition gateway judges resource request whether in described robber's chain protection document type according to the request type of described client; If 2-1) type of request resource is included in the file type configured, then described preposition gateway is refused according to setting rule or accepts request;
If 2-2) type of request resource is not included in the file type configured, then described preposition gateway according to setting rule request client again resource request add robber's chain protection mark of described preposition gateway distribution simultaneously;
3) extraction checking is carried out, by the satisfied resource request imposed a condition from described preposition gateway forwards to this WEB server to described robber's chain protection mark.
2. WEB as claimed in claim 1 steals chain means of defence, it is characterized in that, described step 2-1) described preposition gateway is according to following setting rule refusal or accept request:
2-1-1) described preposition gateway checks this resource request head, if this request header comprises robber's chain protection mark that gateway is distributed, is responded by request forward to true Web site;
If 2-1-2) this request header does not comprise robber's chain protection mark, replacement server end from dynamic response, thinks that this access is abnormal access and refuses to client.
3. WEB as claimed in claim 1 steals chain means of defence, it is characterized in that, described step 2-2) described preposition gateway according to following rule request client again resource request add robber's chain protection mark of described preposition gateway distribution simultaneously:
If 2-2-1) be not included in the file type configured, and this request header comprises robber's chain protection mark that gateway distributes then is responded to true Web site by request forward;
If 2-2-2) this request header does not comprise robber's chain protection mark, preposition gateway replaces WEB server to client from dynamic response redirect response code; Require that client asks this resource again, and while request, add robber's chain protection mark of function Access Gateway distribution;
2-2-3) when client asks this resource again, add in request header and steal chain protection mark;
If 2-2-4) comprise when loading can stolen chain resource for the resource of client-access, then will enter described step 2-1) in process.
4. WEB steals chain means of defence as claimed in claim 2 or claim 3, it is characterized in that, described preposition gateway obtains the request header information of client, cookie territory is obtained by resolving HTTP, if do not comprise gateway in this cookie thresholding to generate and the field of distributing, then need to steal chain protection mark for this request generates and distributes.
5. WEB as claimed in claim 1 steals chain means of defence, it is characterized in that, steals chain protection mark and is generated by hash algorithm or cipher mode.
6. WEB as claimed in claim 1 steals chain means of defence, it is characterized in that, it is as follows that described robber's chain protection mark carries out extraction checking:
A) resolve inquiry and steal chain protection information list, judge that whether there is robber's chain identical with field codomain in gateway protects ident value, if there is no identical robber's chain protection ident value, then the request of this client to this resource is rejected;
If b) there is identical robber's chain protection ident value, compared the access originator address of preserving in the client source address of extraction and preposition gateway, if not identical, then the request of this client to this resource is rejected,
C) get the time of preserving in current time and preposition gateway to identical client source address to compare, setup times span variable,
If the time span difference of preserving in current time and preposition gateway is greater than time span variable, then judge that this request exceeds scheduled visit time limit, this client will be rejected the request of this resource,
If the time span difference of preserving in current time and preposition gateway is less than time span variable, then judge that this request meets all conditions stealing chain protection mark proof procedure, and by this request forward to the Web site of gateway proxy.
7. WEB as claimed in claim 6 steals chain means of defence, it is characterized in that, described step c) in delete simultaneously tlv triple record corresponding with it in gateway steal preserve in chain protection ident value, preposition gateway time, access originator address.
8. WEB as claimed in claim 1 steals chain means of defence, it is characterized in that, when the non-robber's chain protection object resource of client-requested, robber's chain of generation protection mark, client address and client-requested time write in the mode of tlv triple in robber's chain protection information list of gateway and preserve by gateway.
9. WEB as claimed in claim 1 steals chain means of defence, it is characterized in that, when the non-robber's chain protection object resource of client-requested, chain protection mark is stolen in generation by gateway, by replying special head response to client, make client will ask this resource again, robber's chain protection mark is joined in client-requested head simultaneously.
10. robber's chain guard system of preposition gateway, comprising: be located at based on the gateway configuration module in preposition net, steal chain protection mark generation distribution module and steal chain protection marker extraction authentication module;
Described configuration module, steals the configuration of chain protection object for carrying out Web site, described preposition gateway judges resource request whether in described robber's chain protection document type according to the request type of client;
Described robber's chain protection mark generates distribution module, and steal chain protection mark for generating non-robber's chain protection object and distributing, chain protection mark, client address and client-requested time three partial information are stolen in preservation in a gateway simultaneously;
Described robber's chain protection marker extraction authentication module, chain protection mark and client address is stolen for extracting from client-requested, carry out robber's chain protection identity verification, client address checking and the expired checking of request time simultaneously, confirm whether this request is transmitted to Web site.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310021832.7A CN103067409B (en) | 2013-01-21 | 2013-01-21 | A kind of WEB steals chain means of defence and gateway system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310021832.7A CN103067409B (en) | 2013-01-21 | 2013-01-21 | A kind of WEB steals chain means of defence and gateway system thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103067409A CN103067409A (en) | 2013-04-24 |
| CN103067409B true CN103067409B (en) | 2015-10-14 |
Family
ID=48109869
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310021832.7A Active CN103067409B (en) | 2013-01-21 | 2013-01-21 | A kind of WEB steals chain means of defence and gateway system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103067409B (en) |
Families Citing this family (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103701796A (en) * | 2013-12-23 | 2014-04-02 | 山东中创软件商用中间件股份有限公司 | Hotlink protection system and method on basis of HASH technology |
| US10212166B2 (en) | 2014-03-24 | 2019-02-19 | Huawei Technologies Co., Ltd. | File downloading method, apparatus, and system |
| CN103986735B (en) * | 2014-06-05 | 2017-04-19 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
| CN104135507B (en) * | 2014-06-30 | 2018-01-16 | 北京奇艺世纪科技有限公司 | A kind of method and apparatus of door chain |
| CN105721411A (en) * | 2015-05-15 | 2016-06-29 | 乐视云计算有限公司 | Method for preventing hotlinking, server and client terminalfor preventing hotlinking |
| CN105897455A (en) * | 2015-11-16 | 2016-08-24 | 乐视云计算有限公司 | Function management configuration server operation detecting method, legitimate client, CDN node and system |
| CN107294927A (en) * | 2016-04-05 | 2017-10-24 | 北京优朋普乐科技有限公司 | Anti-stealing link method, device and system based on the network terminal |
| CN107493250B (en) * | 2016-06-12 | 2020-08-04 | 阿里巴巴集团控股有限公司 | Method, client and server for authenticating webpage request |
| CN106599622A (en) * | 2016-12-06 | 2017-04-26 | 福建中金在线信息科技有限公司 | Method and device for filtering application software interface program |
| CN108574686B (en) * | 2017-05-17 | 2021-08-06 | 北京金山云网络技术有限公司 | Method and device for previewing file online |
| CN109413000B (en) * | 2017-08-15 | 2021-06-18 | 刘其星 | Anti-stealing-link method and anti-stealing-link network relation system |
| CN107911336B (en) * | 2017-10-09 | 2022-02-25 | 西安交大捷普网络科技有限公司 | WEB hotlinking protection method |
| CN110392022B (en) * | 2018-04-19 | 2022-04-05 | 阿里巴巴集团控股有限公司 | Network resource access method, computer equipment and storage medium |
| CN109446823A (en) * | 2018-09-30 | 2019-03-08 | 天津字节跳动科技有限公司 | Preview file method, apparatus, electronic equipment and readable storage medium storing program for executing |
| CN109246127B (en) * | 2018-10-12 | 2021-05-28 | 上海哔哩哔哩科技有限公司 | Safe sharing control method and system for audio resources |
| CN109525613B (en) * | 2019-01-16 | 2021-11-09 | 湖南快乐阳光互动娱乐传媒有限公司 | Request processing system and method |
| CN111404898B (en) * | 2020-03-06 | 2021-03-23 | 北京创世云科技有限公司 | Anti-stealing-link method and device, storage medium and electronic equipment |
| CN112118319B (en) * | 2020-09-22 | 2023-06-09 | 国网数字科技控股有限公司 | Network URL resource processing method and system |
| CN114499912A (en) * | 2020-11-13 | 2022-05-13 | 北京金山云网络技术有限公司 | Anti-stealing-link method and device and electronic equipment |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752300A (en) * | 2012-06-28 | 2012-10-24 | 用友软件股份有限公司 | Dynamic antitheft link system and dynamic antitheft link method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI237484B (en) * | 2003-07-25 | 2005-08-01 | Hon Hai Prec Ind Co Ltd | Systems and method of authentication network |
-
2013
- 2013-01-21 CN CN201310021832.7A patent/CN103067409B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752300A (en) * | 2012-06-28 | 2012-10-24 | 用友软件股份有限公司 | Dynamic antitheft link system and dynamic antitheft link method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103067409A (en) | 2013-04-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103067409B (en) | A kind of WEB steals chain means of defence and gateway system thereof | |
| CN109413000B (en) | Anti-stealing-link method and anti-stealing-link network relation system | |
| Le Blond et al. | One Bad Apple Spoils the Bunch: Exploiting {P2P} Applications to Trace and Profile Tor Users | |
| CN103944900B (en) | It is a kind of that attack prevention method and its device are asked across station based on encryption | |
| US20210014246A1 (en) | In-stream malware protection | |
| CN109756337B (en) | Secure access method and device for service interface | |
| Holowczak et al. | Cachebrowser: Bypassing chinese censorship without proxies using cached content | |
| US20150170072A1 (en) | Systems and methods for managing network resource requests | |
| CN101075866B (en) | Method and system for loading message on Internet | |
| US9210215B2 (en) | Distribution system and method of distributing content files | |
| CN103179134A (en) | Single sign on method and system based on Cookie and application server thereof | |
| CN105721411A (en) | Method for preventing hotlinking, server and client terminalfor preventing hotlinking | |
| US8370620B2 (en) | Distribution system and method of distributing content files | |
| CN103229181A (en) | Protecting websites and website users by obscuring URLs | |
| CN105704139A (en) | RTMP protocol-based streaming media service user authentication method | |
| Chaudhary et al. | Auditing defense against XSS worms in online social network-based web applications | |
| CN107911336B (en) | WEB hotlinking protection method | |
| US20180150877A1 (en) | 3rd party request-blocking bypass layer | |
| CN106101133A (en) | A kind of method and system of Streaming Media door chain | |
| CN107948235A (en) | Cloud data safety management and audit device based on JAR | |
| Bauer et al. | BitBlender: Light-weight anonymity for BitTorrent | |
| CN114374862A (en) | EPG webpage security access system and method based on IPTV | |
| Peng et al. | An effective method for combating malicious scripts clickbots | |
| Queiroz et al. | Breach of internet privacy through the use of cookies | |
| Benelli | Towards User Privacy for Subscription Based Services |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |