CN103634305A - Website firewall recognition method and equipment - Google Patents
Website firewall recognition method and equipment Download PDFInfo
- Publication number
- CN103634305A CN103634305A CN201310575322.4A CN201310575322A CN103634305A CN 103634305 A CN103634305 A CN 103634305A CN 201310575322 A CN201310575322 A CN 201310575322A CN 103634305 A CN103634305 A CN 103634305A
- Authority
- CN
- China
- Prior art keywords
- compartment wall
- fire compartment
- website
- response message
- information relevant
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a website firewall recognition method and equipment. The method comprises the steps: sending an HTTP (Hyper Text Transport Protocol) request to a website; receiving response information returned by the website; obtaining information related to a firewall in the response information; recognising the firewall according to the information related to the firewall. With the adoption of the website firewall recognition method and equipment, the inconvenience in recognition caused by difference of mechanisms of firewalls can be solved, and the firewall used by the website can be accurately recognised.
Description
Technical field
The present invention relates to Internet technical field, particularly relate to recognition methods and the equipment of a kind of website fire compartment wall.
Background technology
Along with the development of Internet technology, network security also more and more comes into one's own, and nowadays, the main factor that affects network security is the attack that comes from hacker.At present, the attack for fear of hacker to website, most website is provided with fire compartment wall, and this is to a certain extent for web portal security provides favourable guarantee.
But, in the fire compartment wall that current web is used, still have part fire compartment wall because the leak that itself designs exists security risk.Therefore, when user conducts interviews to website, need to identify this website and whether use fire compartment wall, and the kind of using fire compartment wall, user to user, point out the fire compartment wall that this website is used whether to have security risk more afterwards, so that can adopt remedial measure.
Because the mechanism of existing fire compartment wall is not quite similar, caused every kind of fire compartment wall to have different recognition methodss, therefore, how to identify accurately the fire compartment wall that website is used, correlation technique is still unrealized.
Summary of the invention
In view of the above problems, the present invention has been proposed to a kind of overcome the problems referred to above or the recognition methods that is suitable for website fire compartment wall addressing the above problem at least in part and equipment are correspondingly provided.
According to one aspect of the present invention, the recognition methods of a kind of website fire compartment wall is provided, comprising:
To website, send HTTP request;
Receive the response message that website is returned;
Obtain the information relevant to fire compartment wall in response message;
According to the information relevant to fire compartment wall, identification fire compartment wall.
Alternatively, to website, send HTTP request, comprising:
To the URL(Uniform Resource Locator of website, URL(uniform resource locator)) transmission GET request;
Obtain the information relevant to fire compartment wall in response message, comprising:
Obtain the information relevant to fire compartment wall in the head of the response message for GET request that website returns.
Alternatively, to website, send HTTP request, comprising:
From index database, extract a link of website, structure cross-site scripting attack (XSS) leak test request;
Cross-site scripting attack (XSS) leak test request is sent to website;
Obtain the information relevant to fire compartment wall in response message, comprising:
Obtain the head of the response message for cross-site scripting attack (XSS) leak test request of returning website and/or the information relevant to fire compartment wall in content.
Alternatively, to website, send HTTP request, comprising:
With preset frequency, to website, send leak test request;
Obtain the information relevant to fire compartment wall in response message, comprising:
Obtain the head of the response message for leak test request of returning website and/or the information relevant to fire compartment wall in content.
Alternatively, according to the information relevant to fire compartment wall, identification fire compartment wall, comprising:
According to the preset information relevant to fire compartment wall and the corresponding relation of fire compartment wall, identification fire compartment wall.
Alternatively, the information relevant to fire compartment wall comprises:
The characteristic information of the specific part extracting from response message.
According to one aspect of the present invention, a kind of identification equipment of fire compartment wall is also provided, comprising:
Request transmitter, is configured to send to website HTTP request;
Response receiver, is configured to receive the response message that website is returned;
Acquisition of information device, is configured to obtain the information relevant to fire compartment wall in response message;
Fire compartment wall identifier, is configured to according to the information relevant to fire compartment wall, identification fire compartment wall.
Alternatively, request transmitter is also configured to the URL transmission GET request of website;
Correspondingly, acquisition of information device is also configured to obtain the information relevant to fire compartment wall in the head of the response message for GET request of returning website.
Alternatively, request transmitter is also configured to extract a link of website from index database, structure cross-site scripting attack (XSS) leak test request, and cross-site scripting attack (XSS) leak test request is sent to website;
Correspondingly, acquisition of information device is also configured to obtain the head of the response message for cross-site scripting attack (XSS) leak test request of returning website and/or the information relevant to fire compartment wall in content.
Alternatively, request transmitter is also configured to send to website with preset frequency leak test request;
Correspondingly, acquisition of information device is also configured to obtain the head of the response message for leak test request of returning website and/or the information relevant to fire compartment wall in content.
Alternatively, fire compartment wall identifier is also configured to according to the preset information relevant to fire compartment wall and the corresponding relation of fire compartment wall, identification fire compartment wall.
Alternatively, the information relevant to fire compartment wall comprises:
The characteristic information of the specific part extracting from response message.
The invention provides the recognition methods of a kind of website fire compartment wall, by send HTTP to website, ask and receive the response message that website is returned, obtain the information relevant to fire compartment wall in response message, thereby can identify the fire compartment wall that website is used according to the information relevant to fire compartment wall.This RM has versatility, can solve because the mechanism of fire compartment wall is different, causes identifying inconvenient problem, can identify exactly the fire compartment wall that website is used.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to better understand technological means of the present invention, and can be implemented according to the content of specification, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Accompanying drawing explanation
By reading below detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing is only for the object of preferred implementation is shown, and do not think limitation of the present invention.And in whole accompanying drawing, by identical reference symbol, represent identical parts.In the accompanying drawings:
Fig. 1 is the recognition methods flow chart of a kind of according to an embodiment of the invention website fire compartment wall;
Fig. 2 is the concrete recognition methods flow chart of the first website fire compartment wall according to an embodiment of the invention;
Fig. 3 is the head response information schematic diagram in the http response information that website is returned according to an embodiment of the invention;
Fig. 4 is the concrete recognition methods flow chart of the second website fire compartment wall according to an embodiment of the invention;
Fig. 5 is the concrete recognition methods flow chart of the third website fire compartment wall according to an embodiment of the invention;
Fig. 6 is a kind of structured flowchart of identification equipment of fire compartment wall according to an embodiment of the invention.
Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown exemplary embodiment of the present disclosure in accompanying drawing, yet should be appreciated that and can realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order thoroughly to understand the disclosure that these embodiment are provided, and can by the scope of the present disclosure complete convey to those skilled in the art.
Embodiment mono-
The embodiment of the present invention provides the recognition methods of a kind of website fire compartment wall.The method is improved identifying the equipment of fire compartment wall.For example, the equipment in the present embodiment can be PC(Personal Computer, personal computer), mobile phone, the subscriber terminal equipments such as Hand Personal Computer.
Fig. 1 is the recognition methods flow chart of a kind of according to an embodiment of the invention website fire compartment wall, the method comprising the steps of S102 to S106.
S102, sends HTTP request to website.
S104, receives the response message that website is returned, and obtains the information relevant to fire compartment wall in response message.
S106, according to the information relevant to fire compartment wall, identification fire compartment wall.
The embodiment of the present invention provides the recognition methods of a kind of website fire compartment wall, by send HTTP to website, ask and receive the response message that website is returned, obtain the information relevant to fire compartment wall in response message, thereby can identify the fire compartment wall that website is used according to the information relevant to fire compartment wall.This RM has versatility, can solve because the mechanism of fire compartment wall is different, causes identifying inconvenient problem, can identify exactly the fire compartment wall that website is used.
Embodiment bis-
The present embodiment is a kind of concrete application scenarios of above-described embodiment one, by the present embodiment, can set forth clearer, particularly method provided by the present invention.When realizing the method that the present embodiment provides, can carry out the identification of website fire compartment wall by the equipment of identification fire compartment wall.
As the refinement of above-described embodiment one, the present embodiment provides the concrete recognition methods of three kinds of website fire compartment walls.These three kinds of methods are can carry out respectively and mutually independently, specifically introduce the concrete recognition methods of these three kinds of website fire compartment walls below in conjunction with accompanying drawing.
It should be noted that, for part website, toward website, send a HTTP request, as in its response message just with firewall information, directly take out this information, identify corresponding fire compartment wall, for those websites, can only by the first method of following introduction, identify website fire compartment wall.
Fig. 2 is the concrete recognition methods flow chart of the first website fire compartment wall according to an embodiment of the invention, the method comprising the steps of S201 to S204.
First, by the said equipment, perform step S201, the website URL to user's current accessed sends GET request.
Wherein, GET request is a kind of in HTTP request, and GET request is a kind of request of data of asking for to server.Conventionally, the parameter of GET request can be followed after URL and be transmitted, and after the data of request can be attached to URL, with " ", cuts apart URL and transmission data, between parameter, with " & ", be connected, the ASCII that " XX " in " %XX " represents with 16 systems for this symbol, if data are English alphabet/numerals, former state sends, if space, be converted to "+", if Chinese or other characters are directly encrypted character string with BASE64.
In addition, the data of GET transmission have size restriction, because GET submits data to by URL, so the data volume that GET can submit to is relevant with the length of URL, different browsers is different to the length restriction of URL.
Corresponding response message can be resolved and return to Website server after receiving this GET request.
Then, the equipment of identification fire compartment wall continues execution step S202, receives the response message for this GET request that Website server returns, and this response message is resolved, and judge in response message, whether to include the information relevant to fire compartment wall.If comprise the information that fire compartment wall is relevant, perform step S203, if do not comprise, end operation.
In http response information, comprise state code, head response and response text three parts.Conventionally, the firewall information of website can write in the head response of http response information, so, when whether step S202 includes the information relevant to fire compartment wall in judging response message, can be directly by judging whether the head of response message includes the information relevant to fire compartment wall and realize.Wherein, the information relevant to fire compartment wall is the characteristic information of the specific part extracting in response message.
Alternatively, if the head of response message comprises as information such as Server:TbGf4/X.X.X, Server:xxxWAF or Server:xxxFirewall, illustrate and in this header information, comprised the information relevant to fire compartment wall.
In order more clearly to describe the mentioned information relevant to fire compartment wall of the present embodiment, the present embodiment also provides Fig. 3, has shown the head response information schematic diagram in the http response information of returning a website.Wherein, the information relevant to fire compartment wall comprising in Fig. 3 is Server:Safe3Web Firewall.
S203 extracts the information relevant to fire compartment wall in the above-mentioned response message for this GET request.After having extracted the information relevant to fire compartment wall, continue execution step S204, according to the information relevant to fire compartment wall of obtaining, the type of identification fire compartment wall.
In the present embodiment, in this locality, can store the type list of a fire compartment wall, preset the information relevant to fire compartment wall and the corresponding relation of fire compartment wall, therefore can find the corresponding fire compartment wall type of the information relevant to fire compartment wall according to this fire compartment wall type table.
For example, the firewall information that step S203 extracts is Server:TbGf4/X.X.X, and the type that this fire compartment wall is described is website bodyguard.
Also it should be noted that; when taking said method not get the relevant information of website fire compartment wall, in order further to guarantee to get the information that website fire compartment wall is relevant, can also carry out based on the above method the second method that the present embodiment provides.
In addition, also it should be noted that, for part website, its fire compartment wall mainly protects website leak, so construct XSS leak test request, send in the past, as in its response message with firewall information, can directly take out this information, and identify corresponding fire compartment wall type, for those websites, can only by the second method of following introduction, identify website fire compartment wall.
Lower mask body is introduced the second method that the present embodiment provides, and Fig. 4 is the concrete recognition methods flow chart of the second website fire compartment wall according to an embodiment of the invention, the method comprising the steps of S301 to S304.
First, perform step S301, from index database, extract a link of current accessed website, structure XSS(Cross Site Scripting, cross-site scripting attack) leak test request, and this XSS leak test request is sent to this website.
In the present embodiment, the web site url extracting in index database can be any link under current site.When structure XSS leak test request, can utilize <script> ... </script>, <iframe> ... the functions such as the labels such as </iframe> and alret are constructed a series of data, and then the data of this structure and being connected under the above-mentioned current site shifting to an earlier date are combined, can obtain for testing the test URL of XSS leak, this URL is XSS leak test request.
For example, being linked as under the current site, shifting to an earlier date in the present embodiment:
webscan.XXX.cn/a/a.php?a=1
Be configured to XSS test URL:
webscan.XXX.cn/a/a.php?a=1<script>alert(123)</script>)。
Wherein, XXX.cn is the domain name of this website.
It should be noted that, if fire compartment wall is not installed in website, comparatively easily occur XSS leak, so that be easily subject to the attack of malicious code.
Corresponding response message can be resolved and return to Website server after receiving this XSS leak test request.
Then, the equipment of identification fire compartment wall continues execution step S302, receives the response message for XSS leak test request that Website server returns, and this response message is resolved, and judge in response message, whether to include the information relevant to fire compartment wall.If comprise the information that fire compartment wall is relevant, perform step S303, if do not comprise, end operation.
Different from above-mentioned first method is, when whether step S302 includes the information relevant to fire compartment wall in judging response message, not only can by judging whether the head of response message includes the information relevant to fire compartment wall and realize, also can be by judging whether the text of response message includes the information relevant to fire compartment wall and realize.Wherein, as long as there is the information relevant to fire compartment wall in head or text message at least one, determine in response message and comprise the information that fire compartment wall is relevant.
It should be noted that, step S302 searches in the head of response message whether to comprise the method for the information relevant with fire compartment wall identical with the method for step S202.And search in the text of response message, whether to comprise the information relevant to fire compartment wall be exactly to check whether the content the inside return comprises fire compartment wall interception characteristic information, for example, the content that the safety dog interception page returns comprises: web portal security dog .*www.safedog.cn.
S303, extracts the information relevant to fire compartment wall above-mentioned in for the response message of XSS leak test request.After having extracted the information relevant to fire compartment wall, continue execution step S304, according to the information relevant to fire compartment wall of obtaining, the type of identification fire compartment wall.
Similarly, in this locality, can store the type list of a fire compartment wall, preset the information relevant to fire compartment wall and the corresponding relation of fire compartment wall, therefore can find the corresponding fire compartment wall type of the information relevant to fire compartment wall according to this fire compartment wall type table.
For example, the firewall information that step S303 extracts is Server:TbGf4/X.X.X, and the type that this fire compartment wall is described is website bodyguard.
Also it should be noted that; when taking said method not get the relevant information of website fire compartment wall, in order further to guarantee to get the information that website fire compartment wall is relevant, can also carry out based on the above method the third method that the present embodiment provides.
Also it should be noted that, for part website, its fire compartment wall Main Function is to prevent that DDOS/CC from attacking, if frequently sent request to it, for example within one minute, sent N(N and exceeded the access frequency that this website can be accepted) inferior HTTP request, fire compartment wall is confirmed to be the attack to server, now, can directly from its response message, take out firewall information, identify corresponding fire compartment wall type, for those websites, can only by the third method of following introduction, identify website fire compartment wall.
Lower mask body is introduced the third method that the present embodiment provides, and Fig. 5 is the concrete recognition methods flow chart of the third website fire compartment wall according to an embodiment of the invention, the method comprising the steps of S401 to S407.
First, execution step S401, the website transmission leak test request with preset frequency to current accessed.In the present embodiment, can within one minute, send leak test request 60 times, at this moment, server thinks that website is subject to DDOS/CC and attacks, and now, fire compartment wall is taked protection behavior to above-mentioned attack, and returns to response message.
Then, the equipment of identification fire compartment wall continues execution step S402, and the response message of the leak test request for continuous transmission that reception Website server returns, resolves this response message, and obtain the state code in each response message.
Above-mentioned mentioning comprises state code, head response and response text three parts in http response information.Wherein, state code has represented whether request is understood or is satisfied, and different state codes has represented different implications.For example, when state code is 204, the request of having represented is received, but return information is empty.
S403, whether the state code that obtains of judgement is continuous special code, if so, continues execution step S404, if not, end operation.
When server, think that while receiving that DDOS/CC attacks, the state code returning is special code, expression can not accept request, and during as special code 403, statement disable access, during special code 500, represents server error.
S404, judgement occurs whether the number of times of special state code surpasses preset times continuously.If exceed preset times, continue execution step S405, if do not surpass preset times, end operation.
Alternatively, preset times can be set to 20 times, if special code 403 has appearred 30 times in this step S404 continuously, has exceeded preset times, now continues execution step S405.
S405, judges in response message, whether to include the information relevant to fire compartment wall.If comprise the information that fire compartment wall is relevant, perform step S406, if do not comprise, end operation.
It should be noted that, when whether step S405 includes the information relevant to fire compartment wall in judging response message, not only can by judging whether the head of response message includes the information relevant to fire compartment wall and realize, also can be by judging whether the text of response message includes the information relevant to fire compartment wall and realize.Wherein, as long as there is the information relevant to fire compartment wall in head or text message at least one, determine in response message and comprise the information that fire compartment wall is relevant.
Step S405 searches in the head of response message whether to comprise the method for the information relevant with fire compartment wall identical with the method for step S202.And search in the text of response message, whether to comprise the information relevant to fire compartment wall be exactly to check whether the content the inside return comprises fire compartment wall interception characteristic information.
S406 extracts the information relevant to fire compartment wall in the response message for leak test request.After having extracted the information relevant to fire compartment wall, continue execution step S407, according to the information relevant to fire compartment wall of obtaining, the type of identification fire compartment wall.
It should be noted that the recognition methods of the above-mentioned three kinds of fire compartment walls that provide in embodiment bis-all can be carried out fire compartment wall identification.Preferred execution sequence is method one, method two and method three, but also can use separately, or with other order, carries out successively the identification of fire compartment wall.
The embodiment of the present invention provides the recognition methods of a kind of website fire compartment wall, by send HTTP to website, ask and receive the response message that website is returned, obtain the information relevant to fire compartment wall in response message, thereby can identify the fire compartment wall that website is used according to the information relevant to fire compartment wall.This RM has versatility, can solve because the mechanism of fire compartment wall is different, causes identifying inconvenient problem, can identify exactly the fire compartment wall that website is used.
Embodiment tri-
Fig. 6 is the structured flowchart of the identification equipment of a kind of fire compartment wall of providing of one embodiment of the invention, and this equipment 600 comprises:
Request transmitter 610, is configured to send to website HTTP request;
Response receiver 620, is configured to receive the response message that website is returned;
Acquisition of information device 630, is configured to obtain the information relevant to fire compartment wall in response message;
Fire compartment wall identifier 640, is configured to according to the information relevant to fire compartment wall, identification fire compartment wall.
Alternatively, request transmitter 610 is also configured to the uniform resource position mark URL transmission GET request of website;
Correspondingly, acquisition of information device 630 is also configured to obtain the information relevant to fire compartment wall in the head of the response message for GET request of returning website.
Alternatively, request transmitter 610 is also configured to extract a link of website from index database, structure cross-site scripting attack (XSS) leak test request, and cross-site scripting attack (XSS) leak test request is sent to website;
Correspondingly, acquisition of information device 630 is also configured to obtain the head of the response message for cross-site scripting attack (XSS) leak test request of returning website and/or the information relevant to fire compartment wall in content.
Alternatively, request transmitter 610 is also configured to send to website with preset frequency leak test request;
Correspondingly, acquisition of information device 630 is also configured to obtain the head of the response message for leak test request of returning website and/or the information relevant to fire compartment wall in content.
Alternatively, fire compartment wall identifier 640 is also configured to according to the preset information relevant to fire compartment wall and the corresponding relation of fire compartment wall, identification fire compartment wall.
Alternatively, the information relevant to fire compartment wall comprises:
The characteristic information of the specific part extracting from response message.
The embodiment of the present invention provides the identification equipment of a kind of website fire compartment wall, by send HTTP to website, ask and receive the response message that website is returned, obtain the information relevant to fire compartment wall in response message, thereby can identify the fire compartment wall that website is used according to the information relevant to fire compartment wall.This identification equipment has versatility, can solve because the mechanism of fire compartment wall is different, causes identifying inconvenient problem, can identify exactly the fire compartment wall that website is used.
C11. according to the equipment described in any one in 7-10, wherein, described fire compartment wall identifier is also configured to, according to the corresponding relation of the relevant information of preset described and fire compartment wall and described fire compartment wall, identify described fire compartment wall.
C12. according to the equipment described in any one in 7-10, wherein, the described information relevant to fire compartment wall comprises: the characteristic information of the specific part extracting from response message.
In the specification that provided herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can not put into practice in the situation that there is no these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the above in the description of exemplary embodiment of the present invention, each feature of the present invention is grouped together into single embodiment, figure or sometimes in its description.Yet, the method for the disclosure should be construed to the following intention of reflection: the present invention for required protection requires than the more feature of feature of clearly recording in each claim.Or rather, as reflected in claims below, inventive aspect is to be less than all features of disclosed single embodiment above.Therefore, claims of following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can the module in the equipment in embodiment are adaptively changed and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and can put them into a plurality of submodules or subelement or sub-component in addition.At least some in such feature and/or process or unit are mutually repelling, and can adopt any combination to combine all processes or the unit of disclosed all features in this specification (comprising claim, summary and the accompanying drawing followed) and disclosed any method like this or equipment.Unless clearly statement in addition, in this specification (comprising claim, summary and the accompanying drawing followed) disclosed each feature can be by providing identical, be equal to or the alternative features of similar object replaces.
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included in other embodiment, the combination of the feature of different embodiment means within scope of the present invention and forms different embodiment.For example, in claims, the one of any of embodiment required for protection can be used with compound mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, or realizes with the software module moved on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that and can use in practice microprocessor or digital signal processor (DSP) to realize the some or all functions according to the some or all parts in the identification equipment of the fire compartment wall of the embodiment of the present invention.The present invention for example can also be embodied as, for carrying out part or all equipment or device program (, computer program and computer program) of method as described herein.Realizing program of the present invention and can be stored on computer-readable medium like this, or can there is the form of one or more signal.Such signal can be downloaded and obtain from internet website, or provides on carrier signal, or provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation that do not depart from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed as element or step in the claims.Being positioned at word " " before element or " one " does not get rid of and has a plurality of such elements.The present invention can be by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to carry out imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title by these word explanations.
So far, those skilled in the art will recognize that, although detailed, illustrate and described a plurality of exemplary embodiment of the present invention herein, but, without departing from the spirit and scope of the present invention, still can directly determine or derive many other modification or the modification that meets the principle of the invention according to content disclosed by the invention.Therefore, scope of the present invention should be understood and regard as and cover all these other modification or modifications.
Claims (10)
1. a recognition methods for website fire compartment wall, comprising:
To described website, send HTTP request;
Receive the response message that described website is returned;
Obtain the information relevant to fire compartment wall in described response message;
According to the described information relevant to fire compartment wall, identify described fire compartment wall.
2. method according to claim 1, wherein, described to described website transmission HTTP request, comprising:
Uniform resource position mark URL to described website sends GET request;
The described information relevant to fire compartment wall of obtaining in described response message, comprising:
Obtain the information relevant to fire compartment wall in the head of the response message for described GET request that described website returns.
3. method according to claim 1, wherein, described to described website transmission HTTP request, comprising:
From index database, extract a link of described website, structure cross-site scripting attack (XSS) leak test request;
Described cross-site scripting attack (XSS) leak test request is sent to described website;
The described information relevant to fire compartment wall of obtaining in described response message, comprising:
Obtain the head of the response message for described cross-site scripting attack (XSS) leak test request of returning described website and/or the information relevant to fire compartment wall in content.
4. method according to claim 1, wherein, described to described website transmission HTTP request, comprising:
With preset frequency, to described website, send leak test request;
The described information relevant to fire compartment wall of obtaining in described response message, comprising:
Obtain the head of the response message for described leak test request of returning described website and/or the information relevant to fire compartment wall in content.
5. according to the method described in any one in claim 1-4, wherein, according to the described information relevant to fire compartment wall, identify described fire compartment wall, comprising:
According to the corresponding relation of the relevant information of preset described and fire compartment wall and described fire compartment wall, identify described fire compartment wall.
6. according to the method described in any one in claim 1-4, wherein, the described information relevant to fire compartment wall comprises:
The characteristic information of the specific part extracting from response message.
7. an identification equipment for fire compartment wall, comprising:
Request transmitter, is configured to send to described website HTTP request;
Response receiver, is configured to receive the response message that described website is returned;
Acquisition of information device, is configured to obtain the information relevant to fire compartment wall in described response message;
Fire compartment wall identifier, is configured to, according to the described information relevant to fire compartment wall, identify described fire compartment wall.
8. equipment according to claim 7, wherein, the uniform resource position mark URL that described request transmitter is also configured to described website sends GET request;
Correspondingly, described acquisition of information device is also configured to obtain the information relevant to fire compartment wall in the head of the response message for described GET request of returning described website.
9. equipment according to claim 7, wherein, described request transmitter is also configured to extract a link of described website from index database, structure cross-site scripting attack (XSS) leak test request, and described cross-site scripting attack (XSS) leak test request is sent to described website;
Correspondingly, described acquisition of information device is also configured to obtain the head of the response message for described cross-site scripting attack (XSS) leak test request of returning described website and/or the information relevant to fire compartment wall in content.
10. equipment according to claim 7, wherein, described request transmitter is also configured to described website, send leak test request with preset frequency;
Correspondingly, described acquisition of information device is also configured to obtain the head of the response message for described leak test request of returning described website and/or the information relevant to fire compartment wall in content.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310575322.4A CN103634305B (en) | 2013-11-15 | 2013-11-15 | The recognition methods of website firewall and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310575322.4A CN103634305B (en) | 2013-11-15 | 2013-11-15 | The recognition methods of website firewall and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103634305A true CN103634305A (en) | 2014-03-12 |
| CN103634305B CN103634305B (en) | 2017-11-10 |
Family
ID=50214933
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310575322.4A Active CN103634305B (en) | 2013-11-15 | 2013-11-15 | The recognition methods of website firewall and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103634305B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016058489A1 (en) * | 2014-10-17 | 2016-04-21 | 阿里巴巴集团控股有限公司 | Method and device for providing access page |
| CN107634964A (en) * | 2017-10-13 | 2018-01-26 | 杭州迪普科技股份有限公司 | A kind of method of testing and device for WAF |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006131124A1 (en) * | 2005-06-10 | 2006-12-14 | Gatesweeper Solutions Inc. | Anti-hacker system with honey pot |
| US20090119769A1 (en) * | 2007-11-05 | 2009-05-07 | Microsoft Corporation | Cross-site scripting filter |
| CN101534289A (en) * | 2008-03-14 | 2009-09-16 | 华为技术有限公司 | Method, node device and system for traversing firewall |
| CN101873324A (en) * | 2010-06-22 | 2010-10-27 | 北京神州泰岳软件股份有限公司 | Method for passing through firewall |
| CN101938532A (en) * | 2010-09-17 | 2011-01-05 | 北京神州泰岳软件股份有限公司 | UDP-based method and system for penetrating through NAT equipment |
-
2013
- 2013-11-15 CN CN201310575322.4A patent/CN103634305B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006131124A1 (en) * | 2005-06-10 | 2006-12-14 | Gatesweeper Solutions Inc. | Anti-hacker system with honey pot |
| US20090119769A1 (en) * | 2007-11-05 | 2009-05-07 | Microsoft Corporation | Cross-site scripting filter |
| CN101534289A (en) * | 2008-03-14 | 2009-09-16 | 华为技术有限公司 | Method, node device and system for traversing firewall |
| CN101873324A (en) * | 2010-06-22 | 2010-10-27 | 北京神州泰岳软件股份有限公司 | Method for passing through firewall |
| CN101938532A (en) * | 2010-09-17 | 2011-01-05 | 北京神州泰岳软件股份有限公司 | UDP-based method and system for penetrating through NAT equipment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016058489A1 (en) * | 2014-10-17 | 2016-04-21 | 阿里巴巴集团控股有限公司 | Method and device for providing access page |
| US10558807B2 (en) | 2014-10-17 | 2020-02-11 | Alibaba Group Holding Limited | Method and device for providing access page |
| CN107634964A (en) * | 2017-10-13 | 2018-01-26 | 杭州迪普科技股份有限公司 | A kind of method of testing and device for WAF |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103634305B (en) | 2017-11-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11709945B2 (en) | System and method for identifying network security threats and assessing network security | |
| CN102930211B (en) | A kind of multi-core browser intercepts method and the multi-core browser of malice network address | |
| US8646071B2 (en) | Method and system for validating site data | |
| CN102523218B (en) | Network safety protection method, equipment and system thereof | |
| US8869271B2 (en) | System and method for risk rating and detecting redirection activities | |
| CN108809890B (en) | Vulnerability detection method, test server and client | |
| CN101964025B (en) | XSS detection method and equipment | |
| CN103825895B (en) | A kind of information processing method and electronic equipment | |
| CN102739653B (en) | Detection method and device aiming at webpage address | |
| CN103207863B (en) | Page cross-domain alternation method and terminal | |
| CN105530127B (en) | A kind of method and proxy server of proxy server processing network access request | |
| CN109802919B (en) | Web page access intercepting method and device | |
| CN102917049A (en) | Method for showing information of visited website, browser and system | |
| CN103685290A (en) | Vulnerability scanning system based on GHDB | |
| CN108063833B (en) | HTTP DNS analysis message processing method and device | |
| CN110210231B (en) | Security protection method, system, equipment and computer readable storage medium | |
| CN102970282A (en) | Website security detection system | |
| CN104539605A (en) | Website XSS vulnerability detection method and equipment | |
| CN105635064A (en) | CSRF attack detection method and device | |
| CN103023869B (en) | Malicious attack prevention method and browser | |
| CN102801814A (en) | Internet access method, device and system | |
| CN104679798A (en) | Webpage detection method and device | |
| EP2854363A1 (en) | Polluting results of vulnerability scans | |
| CN114357457A (en) | Vulnerability detection method and device, electronic equipment and storage medium | |
| CN103634305A (en) | Website firewall recognition method and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20161209 Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26, Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: Beijing Qihu Technology Co., Ltd. Applicant before: Qizhi Software (Beijing) Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee after: Qianxin Technology Group Co., Ltd. Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD. |