CN105991615A - Protection method and device based on CSRF attack - Google Patents
Publication number: CN105991615A
Application number: CN201510096263.1A
Authority: CN (China)
Legal status: Granted
Classification: Data Exchanges In Wide-Area Networks
Abstract
The invention provides a protection method and a protection device based on CSRF attacks. The protection method comprises the steps of: receiving an HTTP message, and determining whether the HTTP message needs to be protected; if the HTTP message needs to be protected and the HTTP message contains a source address, judging whether the source address is a safe address; if the source address is a safe address, acquiring parameters of the HTTP message; if the parameters of the HTTP message do not contain a preset positive pattern string or contain and only contain the preset positive pattern string, determining that the HTTP message is not abnormal, and forwarding the HTTP message; and determining that the HTTP message is abnormal and forwarding the HTTP message when the parameters of the HTTP message are not in the state of containing and only containing the preset positive pattern string. Therefore, the protection method and the protection device can protect the HTTP message based on the CSRF attacks, are high in protection efficiency, are not prone to cause protection errors, and greatly improve the protection efficiency.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a protection method and device against CSRF attacks.
Background technology
With the development of network communication technology, an attack method based on impersonating a user's privileges has appeared: the cross-site request forgery (CSRF) attack. A CSRF attack is a form of network attack in which a forged request is sent in the victim's name to the attacked website without the victim's knowledge, so that an operation protected by the victim's privileges is performed without authorization. Its harm is considerable.
In the prior art, protection against CSRF attacks can be implemented by checking the Referer field of the Hypertext Transfer Protocol (HTTP). According to the HTTP protocol, the HTTP header has a field named Referer that records the source address of the HTTP request. However, the security of this protection method is not high, and its protective effect against CSRF attacks is poor.
Summary of the invention
The present invention provides a protection method and device against CSRF attacks, to solve the problem that the protection method used in the prior art is of low security and has a poor protective effect against CSRF attacks.
According to a first aspect of the embodiments of the present invention, a protection method against CSRF attacks is provided. The method includes:
receiving an HTTP message and judging whether the HTTP message needs protection against CSRF attacks;
if the HTTP message needs the protection and the HTTP message contains the source address of the HTTP message, judging whether the source address of the HTTP message is a safe address;
if the source address is a safe address, acquiring the parameters of the HTTP message; when the parameters of the HTTP message contain the preset positive pattern string, determining that the HTTP message is not abnormal and forwarding the HTTP message; when the parameters of the HTTP message do not contain the preset positive pattern string, determining that the HTTP message is abnormal and dropping the HTTP message.
According to a second aspect of the embodiments of the present invention, a protection device against CSRF attacks is provided. The device includes:
a first judging unit, configured to receive a Hypertext Transfer Protocol (HTTP) message and judge whether the HTTP message needs protection against CSRF attacks;
a second judging unit, configured to judge, if the HTTP message needs the protection and the HTTP message contains the source address of the HTTP message, whether the source address of the HTTP message is a safe address;
a first protective unit, configured to acquire the parameters of the HTTP message if the source address is a safe address; when the parameters of the HTTP message do not contain the preset positive pattern string, or the parameters of the HTTP message contain and only contain the preset positive pattern string, determine that the HTTP message is not abnormal and forward the HTTP message; when the parameters of the HTTP message do not contain and only contain the preset positive pattern string, determine that the HTTP message is abnormal and forward the HTTP message.
By applying the embodiments of the present invention, an HTTP message is received and it is judged whether the HTTP message needs protection against CSRF attacks; if the HTTP message needs protection and contains its source address, it is judged whether the source address of the HTTP message is a safe address; if the source address is a safe address, the parameters of the HTTP message are acquired; when the parameters of the HTTP message contain the preset positive pattern string, the HTTP message is determined not to be abnormal and is forwarded; when the parameters of the HTTP message do not contain the preset positive pattern string, the HTTP message is determined to be abnormal and is dropped. Protection of HTTP messages against CSRF attacks is thereby achieved; the protection is efficient, protection errors are unlikely, and protection efficiency is greatly improved.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario of CSRF attack protection according to an embodiment of the present invention;
Fig. 2 is a flow chart of an embodiment of the protection method against CSRF attacks of the present invention;
Fig. 3 is a flow chart of another embodiment of the protection method against CSRF attacks of the present invention;
Fig. 4 is a hardware structure diagram of a device on which the protection device against CSRF attacks of the present invention is located;
Fig. 5 is a block diagram of an embodiment of the protection device against CSRF attacks of the present invention.
Detailed description of the invention
To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the embodiments clearer and easier to understand, the technical solutions in the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, a schematic diagram of an application scenario of CSRF attack protection according to an embodiment of the present invention: Fig. 1 shows a networking architecture for protection against CSRF attacks. The architecture includes website A, website B, and a legitimate user of website A.
Website A can receive HTTP messages sent by the user. Website B is the source website of the HTTP messages sent by the user. According to the HTTP protocol, the HTTP header has a Referer field that records the source address of the HTTP request; here the source address is the address of website B.
If website A has no CSRF protection mechanism, that is, it is a website with a CSRF vulnerability, and website B is a malicious website built by an attacker, then when the user sends an HTTP message to website A at the request of website B, website A does not know that the HTTP message was actually initiated by website B, and processes the HTTP message according to the privileges of user C, so that the malicious code from website B is executed.
In the embodiment of the present invention, after website A receives an HTTP message, it first judges whether the HTTP message needs protection against CSRF attacks. When protection is needed, the corresponding protection is performed, and according to the protection result the HTTP message is either forwarded or dropped; only when it is judged that no protection is needed is the HTTP message forwarded directly.
In addition, the HTTP message received by website A may be sent from the external network or from the internal network. The external network refers to websites other than website A, that is, websites whose domain name or Internet Protocol (IP) address differs from that of website A; the internal network refers to website A itself, which has the same domain name or IP address.
Therefore, in the embodiment of the present invention, effective protection against CSRF attacks can be applied to HTTP messages sent from both the internal and the external network.
The embodiments of CSRF attack protection of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 2, a flow chart of an embodiment of the protection method against CSRF attacks of the present invention: the method can be applied on a website, for example website A in Fig. 1, and specifically includes the following steps:
Step 210: receive an HTTP message and judge whether the HTTP message needs protection against CSRF attacks. The HTTP message may be sent by an internal-network website or by an external-network website.
Step 220: if the received HTTP message needs protection against CSRF attacks and the HTTP message contains the source address from which it was sent, judge whether the source address of the HTTP message is a safe address. According to the HTTP protocol, the HTTP header has a Referer field that records the source address of the HTTP request.
Step 230: if the source address of the HTTP message is a safe address, acquire the parameters of the HTTP message. When the parameters of the HTTP message do not contain the preset positive pattern string, or the parameters of the HTTP message contain and only contain the preset positive pattern string, determine that the HTTP message is not abnormal and forward the HTTP message; when the parameters of the HTTP message do not contain and only contain the preset positive pattern string, determine that the HTTP message is abnormal and forward the HTTP message.
In the embodiment of the present invention, a positive pattern string refers to a parameter in the parameter part of the uniform resource locator (URL) address of the HTTP message, and the preset positive pattern string is a preset parameter.
For example, if the parameter part of the URL address of the HTTP message is /dp/index.php?Name=dptech, then name is a positive pattern string. If the preset positive pattern string is name, the HTTP message is determined not to be abnormal and is forwarded.
The purpose of using the preset positive pattern string in the embodiment of the present invention is to further determine the safety of the received HTTP message: only when the positive pattern string matching criterion is met can protection against CSRF attacks be carried out well. The positive pattern string matching criterion is that the parameters contain and only contain the positive pattern string.
As can be seen from the above embodiment, by receiving an HTTP message, judging whether it needs protection against CSRF attacks, judging whether its source address is a safe address, and comparing its parameters against the preset positive pattern string before forwarding or dropping it, protection of HTTP messages against CSRF attacks is achieved; the protection is efficient, protection errors are unlikely, and protection efficiency is greatly improved.
In one embodiment, the above protection method against CSRF attacks further includes: if the received HTTP message does not contain the source address, or the source address of the HTTP message is not a safe address, acquiring the parameters of the HTTP message; when the parameters of the HTTP message contain the preset positive pattern string, determining that the HTTP message is not abnormal and forwarding the HTTP message; when the parameters of the HTTP message do not contain the preset positive pattern string, determining that the HTTP message is abnormal and dropping the HTTP message.
In another embodiment, the above protection method against CSRF attacks further includes: if the received HTTP message does not need protection against CSRF attacks, determining that the HTTP message is not abnormal and forwarding the HTTP message.
In a further embodiment, judging in step 210 whether the HTTP message needs protection against CSRF attacks specifically includes:
(1) acquiring the URL address of the received HTTP message and looking up the URL address of the HTTP message among the preset URL addresses, where the preset URL addresses include the addresses that need protection against CSRF attacks;
(2) if the URL address of the HTTP message is found, the HTTP message needs protection against CSRF attacks; if the URL address of the HTTP message is not found, the HTTP message does not need protection against CSRF attacks.
In a further embodiment, judging in step 220 whether the source address of the HTTP message is a safe address specifically includes:
(1) looking up the source address of the HTTP message among the preset source addresses, where the preset source addresses are all safe addresses;
(2) if the source address of the HTTP message is found, the source address of the HTTP message is a safe address; if the source address of the HTTP message is not found, the source address of the HTTP message is not a safe address.
As can be seen from the above embodiment, by handling HTTP messages differently according to their URL address, source address and positive pattern string, protection of HTTP messages against CSRF attacks is achieved; the protection is efficient, protection errors are unlikely, and protection efficiency is greatly improved.
Fig. 3 is a flow chart of another embodiment of the protection method against CSRF attacks of the present invention. The method can be applied on a website, for example website A in Fig. 1, and specifically includes the following steps:
Step 301: receive an HTTP message. The HTTP message may be sent by an internal-network website or by an external-network website.
Step 302: judge whether the HTTP message needs protection against CSRF attacks; if so, perform step 303; otherwise, perform step 311.
Judging whether the HTTP message needs protection against CSRF attacks specifically includes:
(1) acquiring the URL address of the received HTTP message and looking up the URL address of the received HTTP message among the preset URL addresses, where the preset URL addresses include the addresses that need protection against CSRF attacks;
(2) if the URL address of the HTTP message is found, the HTTP message needs protection against CSRF attacks; if the URL address of the HTTP message is not found, the HTTP message does not need protection against CSRF attacks.
Step 303: acquire the source address of the HTTP message.
Step 304: judge whether the source address of the HTTP message was obtained; if so, perform step 305; otherwise, perform step 309.
Step 305: judge whether the source address of the HTTP message is a safe address; if it is a safe address, perform step 306; otherwise, perform step 309.
Judging whether the source address of the HTTP message is a safe address specifically includes:
(1) looking up the source address of the HTTP message among the preset source addresses, where the preset source addresses are all safe addresses;
(2) if the source address of the HTTP message is found, the source address of the HTTP message is a safe address; if the source address of the HTTP message is not found, the source address of the HTTP message is not a safe address.
Step 306: acquire the parameters of the HTTP message.
Step 307: judge whether the parameters of the HTTP message contain the preset positive pattern string; if so, perform step 308; otherwise, perform step 312.
Step 308: judge whether the parameters of the HTTP message contain and only contain the preset positive pattern string; if they contain and only contain the preset positive pattern string, perform step 311; otherwise, perform step 312.
Step 309: acquire the parameters of the HTTP message.
Step 310: judge whether the parameters of the HTTP message contain the preset positive pattern string; if so, perform step 311; otherwise, perform step 312.
Step 311: determine that the HTTP message is not abnormal and forward the HTTP message; the flow ends.
Step 312: determine that the HTTP message is abnormal and drop the HTTP message; the flow ends.
As can be seen from the above embodiment, by handling HTTP messages differently according to their URL address, source address and positive pattern string, protection of HTTP messages against CSRF attacks is achieved; the protection is efficient, protection errors are unlikely, and protection efficiency is greatly improved.
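The Fig. 3 decision flow (steps 302 to 312), which also covers steps 210 to 230 of Fig. 2, as an added Python illustration that is not part of the patent: the preset URL set, the preset safe source set, the per-URL positive pattern strings and the sample requests are constructed assumptions, and parameter names are compared case-insensitively (an assumption consistent with the Name=dptech example above being accepted for the preset string name).

```python
from urllib.parse import parse_qs, urlsplit

# Constructed configuration for this example (assumed values, not from the patent).
# Preset URL addresses that need CSRF protection: the lookup set of step 302.
PROTECTED_URLS = {"/dp/index.php", "/account/transfer.php"}
# Preset source addresses, all regarded as safe: the lookup set of step 305.
SAFE_SOURCES = {"https://www.example.com", "https://admin.example.com"}
# Preset positive pattern strings: the parameter names expected for each protected URL.
POSITIVE_PATTERNS = {
    "/dp/index.php": {"name"},
    "/account/transfer.php": {"to", "amount"},
}

FORWARD = "forward"  # step 311: the message is not abnormal
DROP = "drop"        # step 312: the message is abnormal (packet loss)


def needs_protection(path):
    """Step 302: look the request URL up in the preset URL set."""
    return path in PROTECTED_URLS


def is_safe_source(referer):
    """Step 305: look the Referer origin (scheme + host) up in the preset source set."""
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return False
    return f"{parts.scheme}://{parts.netloc}".lower() in SAFE_SOURCES


def parameter_names(query):
    """Steps 306 and 309: collect the parameter names of the URL parameter part.
    Names are lower-cased so that Name=dptech matches the preset string 'name'
    (an assumption about the matching rule)."""
    return {name.lower() for name in parse_qs(query, keep_blank_values=True)}


def decide(request_target, referer=None):
    """Run the Fig. 3 flow on one request; returns FORWARD or DROP.
    request_target is the path-and-query part of the request line."""
    parts = urlsplit(request_target)
    if not needs_protection(parts.path):             # step 302: no protection needed
        return FORWARD                               # step 311
    preset = {p.lower() for p in POSITIVE_PATTERNS.get(parts.path, set())}
    params = parameter_names(parts.query)
    contains_preset = bool(params & preset)          # at least one preset name present

    if referer is not None and is_safe_source(referer):   # steps 303 to 305: safe source
        if not contains_preset:                      # step 307: preset string absent
            return DROP                              # step 312
        if params <= preset:                         # step 308: contains and only contains
            return FORWARD                           # step 311
        return DROP                                  # step 312: extra parameters present
    # No source address (step 304) or source not safe (step 305): steps 309 and 310.
    return FORWARD if contains_preset else DROP      # step 311 or step 312


if __name__ == "__main__":
    # Constructed sample requests for a stand-alone run.
    print(decide("/dp/index.php?Name=dptech", "https://www.example.com/start.html"))
    print(decide("/dp/index.php?name=dptech&cmd=1", "https://www.example.com/start.html"))
    print(decide("/dp/index.php?cmd=1"))
```

The Referer origin is compared as scheme plus host against the preset set, so a host that merely begins with a safe host name is not treated as safe.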
Corresponding to the foregoing embodiments of the protection method against CSRF attacks, the present invention also provides embodiments of a protection device against CSRF attacks.
The embodiments of the protection device against CSRF attacks of the present invention can be applied on a network device. The device embodiments may be implemented in software, or in hardware, or in a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the processor of the device on which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. In terms of hardware, Fig. 4 shows a hardware structure diagram of the device on which the protection device against CSRF attacks of the present invention is located. Besides the processor, network interface, memory and non-volatile memory shown in Fig. 4, the device in the embodiment may generally also include other hardware, such as a forwarding chip responsible for message processing; in terms of hardware structure, the device may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Referring to Fig. 5, a block diagram of an embodiment of the protection device against CSRF attacks of the present invention: the device can be applied on a network device and can be used to perform the protection methods against CSRF attacks shown in Fig. 2 and Fig. 3. The device includes a first judging unit 51, a second judging unit 52 and a first protective unit 53.
The first judging unit 51 is configured to receive a Hypertext Transfer Protocol (HTTP) message and judge whether the HTTP message needs protection against CSRF attacks.
The second judging unit 52 is configured to judge, if the HTTP message needs the protection and the HTTP message contains the source address of the HTTP message, whether the source address of the HTTP message is a safe address.
The first protective unit 53 is configured to acquire the parameters of the HTTP message if the source address is a safe address; when the parameters of the HTTP message do not contain the preset positive pattern string, or the parameters of the HTTP message contain and only contain the preset positive pattern string, determine that the HTTP message is not abnormal and forward the HTTP message; when the parameters of the HTTP message do not contain and only contain the preset positive pattern string, determine that the HTTP message is abnormal and forward the HTTP message.
Here a positive pattern string refers to a parameter in the parameter part of the URL address of the HTTP message, and the preset positive pattern string is a preset parameter.
In an optional implementation, the protection device against CSRF attacks may further include a second protective unit (not shown in Fig. 5).
The second protective unit is configured to acquire the parameters of the HTTP message if the HTTP message does not contain the source address, or the source address of the HTTP message is not a safe address; when the parameters of the HTTP message contain the preset positive pattern string, determine that the HTTP message is not abnormal and forward the HTTP message; when the parameters of the HTTP message do not contain the preset positive pattern string, determine that the HTTP message is abnormal and drop the HTTP message.
In another optional implementation, the protection device against CSRF attacks may further include a third protective unit (not shown in Fig. 5).
The third protective unit is configured to determine, if the HTTP message does not need the protection, that the HTTP message is not abnormal, and forward the HTTP message.
In another optional implementation, the first judging unit 51 is further configured to acquire the uniform resource locator (URL) address of the HTTP message and look up the URL address of the HTTP message among the preset URL addresses, where the preset URL addresses include the addresses that need protection against CSRF attacks; if the URL address of the HTTP message is found, the HTTP message needs the protection; if the URL address of the HTTP message is not found, the HTTP message does not need the protection.
In another optional implementation, the second judging unit 52 is further configured to look up the source address of the HTTP message among the preset source addresses, where the preset source addresses are all safe addresses; if the source address of the HTTP message is found, the source address of the HTTP message is a safe address; if the source address of the HTTP message is not found, the source address of the HTTP message is not a safe address.
For the functions and effects of the units in the above device, refer to the implementation of the corresponding steps in the above method; they are not repeated here.
Since the device embodiments essentially correspond to the method embodiments, the relevant parts refer to the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement this without creative effort.
As can be seen from the above embodiment, by receiving an HTTP message, judging whether it needs protection against CSRF attacks, judging whether its source address is a safe address, and comparing its parameters against the preset positive pattern string before forwarding or dropping it, protection of HTTP messages against CSRF attacks is achieved; the protection is efficient, protection errors are unlikely, and protection efficiency is greatly improved.
Other embodiments of the present invention will readily occur to those skilled in the art after considering the description and practicing the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the present invention that follow its general principles and include common knowledge or conventional technical means in the art not disclosed herein. The description and embodiments are to be regarded as exemplary only, and the true scope and spirit of the invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structure described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.
Claims (10)
1. A protection method against cross-site request forgery (CSRF) attacks, characterized in that the method includes:
receiving a Hypertext Transfer Protocol (HTTP) message and judging whether the HTTP message needs protection against CSRF attacks;
if the HTTP message needs the protection and the HTTP message contains the source address of the HTTP message, judging whether the source address of the HTTP message is a safe address;
if the source address is a safe address, acquiring the parameters of the HTTP message; when the parameters of the HTTP message do not contain the preset positive pattern string, or the parameters of the HTTP message contain and only contain the preset positive pattern string, determining that the HTTP message is not abnormal and forwarding the HTTP message; when the parameters of the HTTP message do not contain and only contain the preset positive pattern string, determining that the HTTP message is abnormal and forwarding the HTTP message.
Method the most according to claim 1, it is characterised in that described default aggressive mode string is
The parameter preset, described method also includes:
If do not comprise described source website address in described HTTP message, or the source of described HTTP message
When network address is not safe network address, obtain the parameter of described HTTP message;Ginseng when described HTTP message
When number comprises default aggressive mode string, it is determined that exception does not occur in described HTTP message, and right
Described HTTP message carries out forward process;It is default when the parameter of described HTTP message does not comprise
During aggressive mode string, it is determined that described HTTP message occurs abnormal, and carries out described HTTP message
Packet loss processes.
Method the most according to claim 1, it is characterised in that described method also includes:
If described HTTP message is made without described protection, it is determined that described HTTP message does not has
Occur abnormal, and described HTTP message is carried out forward process.
Method the most according to claim 1, it is characterised in that the described HTTP message of described judgement
Specifically include the need of the protection attacked based on CSRF:
Obtain the uniform resource locator URL network address of described HTTP message, and at default URL net
Inquiring about the URL network address of described HTTP message in location, described default URL network address includes that needs are carried out
Network address based on the protection that CSRF attacks;
If inquire the URL network address of described HTTP message, the most described HTTP message needs to carry out institute
State protection;If do not inquire the URL network address of described HTTP message, the most described HTTP message is not
Need to carry out described protection.
5. The method according to claim 1, characterised in that judging whether the source address of the HTTP message is a safe address specifically comprises:
looking up the source address of the HTTP message among preset source addresses, the preset source addresses all being safe addresses;
if the source address of the HTTP message is found, the source address of the HTTP message is a safe address; if the source address of the HTTP message is not found, the source address of the HTTP message is not a safe address.
6. A protection device against CSRF attacks, characterised in that the device comprises:
a first judging unit, configured to receive a Hypertext Transfer Protocol (HTTP) message and judge whether the HTTP message needs protection against CSRF attacks;
a second judging unit, configured to judge, if the HTTP message needs the protection and the HTTP message contains a source address of the HTTP message, whether the source address of the HTTP message is a safe address;
a first protection unit, configured to acquire the parameters of the HTTP message if the source address is a safe address; when the parameters of the HTTP message do not contain the preset positive pattern string, or the parameters of the HTTP message contain and only contain the preset positive pattern string, determine that the HTTP message is not abnormal, and forward the HTTP message; when the parameters of the HTTP message do not contain and only contain the preset positive pattern string, determine that the HTTP message is abnormal, and forward the HTTP message.
7. The device according to claim 6, characterised in that the preset positive pattern string is a preset parameter, and the device further comprises:
a second protection unit, configured to acquire the parameters of the HTTP message if the HTTP message does not contain the source address, or the source address of the HTTP message is not a safe address; when the parameters of the HTTP message contain the preset positive pattern string, determine that the HTTP message is not abnormal, and forward the HTTP message; when the parameters of the HTTP message do not contain the preset positive pattern string, determine that the HTTP message is abnormal, and discard the HTTP message.
8. The device according to claim 6, characterised in that the device further comprises:
a third protection unit, configured to determine, if the HTTP message does not need the protection, that the HTTP message is not abnormal, and forward the HTTP message.
9. The device according to claim 6, characterised in that the first judging unit is further configured to acquire the uniform resource locator (URL) address of the HTTP message, and look up the URL address of the HTTP message among preset URL addresses, the preset URL addresses comprising the addresses that need protection against CSRF attacks; if the URL address of the HTTP message is found, the HTTP message needs the protection; if the URL address of the HTTP message is not found, the HTTP message does not need the protection.
10. The device according to claim 6, characterised in that the second judging unit is further configured to look up the source address of the HTTP message among preset source addresses, the preset source addresses all being safe addresses; if the source address of the HTTP message is found, the source address of the HTTP message is a safe address; if the source address of the HTTP message is not found, the source address of the HTTP message is not a safe address.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510096263.1A CN105991615B (en) | 2015-03-04 | 2015-03-04 | Means of defence and device based on CSRF attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105991615A true CN105991615A (en) | 2016-10-05 |
CN105991615B CN105991615B (en) | 2019-06-07 |
Family ID: 57039084
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510096263.1A Active CN105991615B (en) | 2015-03-04 | 2015-03-04 | Means of defence and device based on CSRF attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105991615B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107294994A (en) * | 2017-07-06 | 2017-10-24 | 网宿科技股份有限公司 | A kind of CSRF means of defences and system based on cloud platform |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101296087A (en) * | 2007-04-23 | 2008-10-29 | Sap股份公司 | Method and system for preventing cross-site attack |
WO2008153606A1 (en) * | 2007-01-26 | 2008-12-18 | Sibeam, Inc. | Content protection based on wireless proximity estimation |
CN101883024A (en) * | 2010-06-23 | 2010-11-10 | 南京大学 | Dynamic detection method for cross-site forged request |
CN102480490A (en) * | 2010-11-30 | 2012-05-30 | 国际商业机器公司 | Method for preventing CSRF attack and equipment thereof |
CN103679018A (en) * | 2012-09-06 | 2014-03-26 | 百度在线网络技术(北京)有限公司 | Method and device for detecting CSRF loophole |
Events
- 2015-03-04: Application CN201510096263.1A filed in CN; granted as CN105991615B, status Active
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107294994A (en) * | 2017-07-06 | 2017-10-24 | 网宿科技股份有限公司 | A kind of CSRF means of defences and system based on cloud platform |
CN107294994B (en) * | 2017-07-06 | 2020-06-05 | 网宿科技股份有限公司 | CSRF protection method and system based on cloud platform |
Also Published As
Publication number | Publication date |
---|---|
CN105991615B (en) | 2019-06-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building; Applicant after: Hangzhou Dipu Polytron Technologies Inc. Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building; Applicant before: Hangzhou Dipu Technology Co., Ltd. |
| COR | Change of bibliographic data | |
| GR01 | Patent grant | |