CN104618352A - Script-based flow anti-brush method and system - Google Patents
Script-based flow anti-brush method and system Download PDFInfo
- Publication number
- CN104618352A CN104618352A CN201510021039.6A CN201510021039A CN104618352A CN 104618352 A CN104618352 A CN 104618352A CN 201510021039 A CN201510021039 A CN 201510021039A CN 104618352 A CN104618352 A CN 104618352A
- Authority
- CN
- China
- Prior art keywords
- access
- limit
- log
- script
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a script-based flow anti-brush method. Every t minutes, an access log in the time period is taken out from a network log, and t is a positive integer; all accesses ip are taken out according to the access log; the access frequency of each access ip is counted; the ip with the access frequency of being greater than a limited quantity value is limited. The invention also provides a script-based flow anti-brush system, so the flow anti-brush is more thorough.
Description
Technical field
The present invention relates to the anti-brush method and system of a kind of flow based on script.
Background technology
Apache upper increase mod_evasive module the control of writing corresponding rule to realize to visit capacity, nginx upper increase HttpLimitZoneModule and HttpLimitReqModule module the control of writing corresponding rule to realize to visit capacity.
Shortcoming: 1, will go for different web services to write different rules, not have versatility;
2, can not limit according to system present load and current state status;
3, restriction can not be automatically terminated after limited subscriber.
Summary of the invention
The technical problem to be solved in the present invention, is to provide a kind of flow based on script anti-brush method and system, makes anti-brush flow more thorough.
One of the present invention program is achieved in that a kind of anti-brush method of flow based on script, comprises the steps:
Step 1, every t minute, from network log, take out the access log in this time period, t is positive integer;
Step 2, take out wherein all access ip according to described access log;
Step 3, count each access ip access times;
Step 4, access times are greater than limit the ip of value and limit.
Further, also comprise step 5, lift restrictions after h hour to the ip restriction of restriction, h is positive integer.
Further, step 4 is specially further: if do not limit access ip when system present load is less than limit value, otherwise access times are greater than the ip limiting value limit.
The present invention program's two is achieved in that the anti-brush system of a kind of flow based on script, comprises as lower module:
Obtain log pattern, every t minute, takes out the access log in this time period from network log, and t is positive integer;
Obtain ip module, take out wherein all access ip according to described access log;
Obtain access times module, count the access times of each access ip;
Limiting module, is greater than access times the ip limiting value and limits.
Further, also comprise the module that lifts restrictions, lift restrictions after limiting h hour to the ip of restriction, h is positive integer.
Further, limiting module is specially further: if do not limit access ip when system present load is less than limit value, otherwise access times are greater than the ip limiting value limit.
Tool of the present invention has the following advantages: versatility: realize based on script, no matter be that nginx or apache can use, need not remodify again; Dynamically the pressure state current according to system limits, and when access times are according to being greater than set point, but when system load is permitted, does not limit.
Accompanying drawing explanation
The present invention is further illustrated in conjunction with the embodiments with reference to the accompanying drawings.
Fig. 1 is the inventive method flowchart.
Embodiment
As shown in Figure 1, the present invention is based on the anti-brush method of flow of script, comprise the steps:
Step 1, every t minute, from network log, take out the access log in this time period, t is positive integer;
Step 2, take out wherein all access ip according to described access log;
Step 3, count each access ip access times;
If do not limit access ip when the present load of step 4 system is less than limit value, otherwise access times are greater than the ip limiting value limit;
Step 5, to limit after h hour lift restrictions to the ip of restriction, h is positive integer.
The present invention is based on the anti-brush system of flow of script, comprise as lower module:
Obtain log pattern, every t minute, takes out the access log in this time period from network log, and t is positive integer;
Obtain ip module, take out wherein all access ip according to described access log;
Obtain access times module, count the access times of each access ip;
Limiting module, if do not limit access ip when system present load is less than limit value, otherwise is greater than access times the ip limiting value and limits;
Lift restrictions module, and lift restrictions after limiting h hour to the ip of restriction, h is positive integer.
A kind of specific embodiment:
1. analyze apache daily record, take out the access log in last 3 minutes;
2. all access ip of this time are taken out according to this access log of 3 minutes;
3. the ip of this time period is sorted, count the access times of accessing each ip;
4. judge system current load situation, do not limit when system load allows, restriction flow process of walking downward during load height;
5. utilize iptables to carry out limiting and do not allow access the ip that access times are greater than a value;
6. can lift restrictions to the ip of restriction later every night 12;
7. the function more than is realized by form of scripts, and script can run once for every 3 minutes, with reach disabled user can not every day frequent brush website traffic effect.
One. analyze apache daily record, take out the access log in last 3 minutes.
* the daily record data in 3 minutes how is got:
1. before Run Script, the total line number of record current log
LOGLINENUMOLD=`/usr/bin/wc-l$BLOGLOG|awk'{print$1}'`
2. wait for 3 minutes: sleep 180
3. get the total line number of current log
LOGLINENUM2=`/usr/bin/wc-l$BLOGLOG|awk'{print$1}'`
4. the line number obtained for twice is kept to the user access logs data in these 3 minutes mutually
let LOGLINENUM=$LOGLINENUM2-$LOGLINENUMOLD
Two. the ip of this time period is sorted, counts the ip that each ip access times are greater than set point
/usr/bin/tail-n $LOGLINENUM $BLOGLOG|/bin/cut-d""-f 1|/bin/sort |/usr/bin/uniq-c|/bin/sort-r-g-k 1|head-n 5|/bin/awk'{if($1>'$ACCESSNUM')print$0}'
Three. judge that system current load situation determines whether to limit
# collects the web page access situation of load and book server
Four. utilize iptables to carry out limiting and do not allow access the ip that access times are greater than a value
/sbin/iptables-I INPUT-p tcp-s $DROPIP2/32--dport 80-j DROP
Although the foregoing describe the specific embodiment of the present invention; but be familiar with those skilled in the art to be to be understood that; specific embodiment described by us is illustrative; instead of for the restriction to scope of the present invention; those of ordinary skill in the art, in the modification of the equivalence done according to spirit of the present invention and change, should be encompassed in scope that claim of the present invention protects.
Claims (6)
1., based on the anti-brush method of flow of script, it is characterized in that: comprise the steps:
Step 1, every t minute, from network log, take out the access log in this time period, t is positive integer;
Step 2, take out wherein all access ip according to described access log;
Step 3, count each access ip access times;
Step 4, access times are greater than limit the ip of value and limit.
2. the anti-brush method of a kind of flow based on script according to claim 1, is characterized in that: also comprise step 5, lift restrictions after h hour to the ip restriction of restriction, h is positive integer.
3. the anti-brush method of a kind of flow based on script according to claim 1, it is characterized in that: step 4 is specially further: if do not limit access ip when system present load is less than limit value, otherwise access times are greater than the ip limiting value limit.
4., based on the anti-brush system of flow of script, it is characterized in that: comprise as lower module:
Obtain log pattern, every t minute, takes out the access log in this time period from network log, and t is positive integer;
Obtain ip module, take out wherein all access ip according to described access log;
Obtain access times module, count the access times of each access ip;
Limiting module, is greater than access times the ip limiting value and limits.
5. the anti-brush system of a kind of flow based on script according to claim 4, is characterized in that: also comprise the module that lifts restrictions, and lift restrictions after limiting h hour to the ip of restriction, h is positive integer.
6. the anti-brush method of a kind of flow based on script according to claim 4, it is characterized in that: limiting module is specially further: if do not limit access ip when system present load is less than limit value, otherwise access times are greater than the ip limiting value limit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510021039.6A CN104618352A (en) | 2015-01-16 | 2015-01-16 | Script-based flow anti-brush method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510021039.6A CN104618352A (en) | 2015-01-16 | 2015-01-16 | Script-based flow anti-brush method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104618352A true CN104618352A (en) | 2015-05-13 |
Family
ID=53152627
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510021039.6A Pending CN104618352A (en) | 2015-01-16 | 2015-01-16 | Script-based flow anti-brush method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104618352A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106230835A (en) * | 2016-08-04 | 2016-12-14 | 摩贝(上海)生物科技有限公司 | Method based on the anti-malicious access that Nginx log analysis and IPTABLES forward |
| CN107222471A (en) * | 2017-05-26 | 2017-09-29 | 微梦创科网络科技(中国)有限公司 | A kind of recognition methods of unartificial brush functional interface and identifying system |
| CN108197936A (en) * | 2017-12-29 | 2018-06-22 | 新开普电子股份有限公司 | card encryption system based on script |
| CN110445779A (en) * | 2019-08-02 | 2019-11-12 | 深圳互联先锋科技有限公司 | Automatic protecting method and system when a kind of DNS system is attacked |
| WO2021068205A1 (en) * | 2019-10-11 | 2021-04-15 | 深圳市欢太科技有限公司 | Access control method and apparatus, and server and computer-readable medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102238696A (en) * | 2010-04-29 | 2011-11-09 | 电信科学技术研究院 | Control method and equipment for terminal equipment access network |
| CN104065657A (en) * | 2014-06-26 | 2014-09-24 | 北京思特奇信息技术股份有限公司 | Method for dynamically controlling user behavior based on IP access and system thereof |
-
2015
- 2015-01-16 CN CN201510021039.6A patent/CN104618352A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102238696A (en) * | 2010-04-29 | 2011-11-09 | 电信科学技术研究院 | Control method and equipment for terminal equipment access network |
| CN104065657A (en) * | 2014-06-26 | 2014-09-24 | 北京思特奇信息技术股份有限公司 | Method for dynamically controlling user behavior based on IP access and system thereof |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106230835A (en) * | 2016-08-04 | 2016-12-14 | 摩贝(上海)生物科技有限公司 | Method based on the anti-malicious access that Nginx log analysis and IPTABLES forward |
| CN106230835B (en) * | 2016-08-04 | 2019-11-22 | 上海摩库数据技术有限公司 | Method based on Nginx log analysis and the IPTABLES anti-malicious access forwarded |
| CN107222471A (en) * | 2017-05-26 | 2017-09-29 | 微梦创科网络科技(中国)有限公司 | A kind of recognition methods of unartificial brush functional interface and identifying system |
| CN107222471B (en) * | 2017-05-26 | 2020-01-14 | 微梦创科网络科技(中国)有限公司 | Identification method and identification system for non-manual brushing function interface |
| CN108197936A (en) * | 2017-12-29 | 2018-06-22 | 新开普电子股份有限公司 | card encryption system based on script |
| CN110445779A (en) * | 2019-08-02 | 2019-11-12 | 深圳互联先锋科技有限公司 | Automatic protecting method and system when a kind of DNS system is attacked |
| WO2021068205A1 (en) * | 2019-10-11 | 2021-04-15 | 深圳市欢太科技有限公司 | Access control method and apparatus, and server and computer-readable medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104618352A (en) | Script-based flow anti-brush method and system | |
| US10057341B2 (en) | Peer-to-peer architecture for web traffic management | |
| CN102609460B (en) | Method and system for microblog data acquisition | |
| CN107071009A (en) | A kind of distributed big data crawler system of load balancing | |
| CN103970788A (en) | Webpage-crawling-based crawler technology | |
| CN106302534B (en) | A kind of method and system of detection and processing illegal user | |
| CN105117107A (en) | Application program icon managing method and application program icon managing system | |
| CN103346902B (en) | The method and system of data acquisition scheduling | |
| CN108536745A (en) | Tables of data extracting method, terminal, equipment and storage medium based on Shell | |
| US20150128280A1 (en) | Network service interface analysis | |
| CN104468411A (en) | Bandwidth allocation method and device and router | |
| CN110661824B (en) | Flow control method of server in distributed cluster and storage medium | |
| CN110266679A (en) | Capacitor network partition method and device | |
| CN104486357A (en) | Method for achieving role-based access control (RBAC) based on SSH website | |
| CN104199901A (en) | Method for batch merging of hbase table regions | |
| CN108270753B (en) | Method and device for logging out user account | |
| CN106776614A (en) | The display methods and device of sharing platform | |
| CN106130880A (en) | The gathering method of network mail data and system | |
| CN103530297A (en) | Method and device capable of automatically carrying out website analysis | |
| CN108377198A (en) | A kind of unified batch maintenance method of node configuration based on cloud platform | |
| CN108108204A (en) | The application program collocation method and device of cloud computing platform | |
| CN109032981A (en) | A kind of method and system counting PCIE information | |
| CN111367878A (en) | IPFS node monitoring method and device | |
| CN108900604A (en) | Information dispensing method, device, branch office service end and storage medium | |
| CN109902137A (en) | A kind of regional culture clearing system Internet-based |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150513 |
|
| RJ01 | Rejection of invention patent application after publication |