CN106506559A - Access Behavior- Based control method and device - Google Patents
Access Behavior- Based control method and device Download PDFInfo
- Publication number
- CN106506559A CN106506559A CN201611248960.5A CN201611248960A CN106506559A CN 106506559 A CN106506559 A CN 106506559A CN 201611248960 A CN201611248960 A CN 201611248960A CN 106506559 A CN106506559 A CN 106506559A
- Authority
- CN
- China
- Prior art keywords
- configuration
- access
- item
- page
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of access Behavior- Based control method and device, it is related to technical field of network information.The method includes:Receive the configuration information that configuration side is input on the configuration page;Configuration rule is generated according to the configuration information;The configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, so that the Configuration Agent end is controlled to the access behavior of headend equipment according to the configuration rule.Using this programme, configuration side can be made only need to change the control strategy to user access activity in real time by configuration page operation, and without the need for restarting headend equipment again after control strategy change, reduce the change cost of access Behavior- Based control and improve which and change efficiency;Meanwhile, and as which is simple to operate flexibly, operate without the need for special operation maintenance personnel, so as to reduce personnel cost.
Description
Technical field
The present invention relates to technical field of network information, and in particular to a kind of access Behavior- Based control method and device.
Background technology
With the continuous development of the network information technology, the Working Life of people has been goed deep in disparate networks service.But accessing
Amount excessive, when back-end services cannot meet the access request of all users, be ensure back-end services availability and stability, meeting
The control strategy of real-time adjustment user access activity.
For example, be the access that limits certain regional user, in existing scheme, need the IP of shielding to be recorded in IP
In list, by the configuration file of IP lists write headend equipment (such as nginx), nginx is according to the IP row write in configuration file
Table, filters out the access request of the corresponding users of IP of shielding, realizes the control to user access activity.However, adopting this side
Method, needs to write excessive IP information in the configuration file of nginx, and nginx can be caused to need to load mass data when starting
Into internal memory, the startability of nginx is affected;And, the method depends on IP lists, it is impossible to realize neatly IP controls plan
Slightly;Need to restart nginx after due to changing the configuration file of nginx and can just come into force, thus the method cannot meet and frequently increase
Plus or modification IP filtration needs;In addition, the configuration file of modification nginx needs special operation maintenance personnel to be operated, Ren Yuancheng
This is higher.
Content of the invention
In view of the above problems, it is proposed that the present invention so as to provide one kind overcome the problems referred to above or at least in part solve on
State the access Behavior- Based control method and device of problem.
According to an aspect of the invention, there is provided a kind of access Behavior- Based control method, which includes:
Receive the configuration information that configuration side is input on the configuration page;
Configuration rule is generated according to the configuration information;
The configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, for the Configuration Agent
End is controlled to the access behavior of headend equipment according to the configuration rule.
According to a further aspect in the invention, there is provided a kind of access Behavior- Based control device, which includes:Configuration service end and many
Individual Configuration Agent end;
The configuration service end includes:
Receiver module, is suitable to receive the configuration information that configuration side is input on the configuration page;
Generation module, is suitable to generate configuration rule according to the configuration information;
Synchronization module, is suitable to the configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front;
The Configuration Agent end includes:
Control module, is suitable to be controlled the access behavior of headend equipment according to the configuration rule.
According to the access Behavior- Based control method and device of the present invention, by matching somebody with somebody that reception configuration side is input on the configuration page
Confidence ceases;Configuration rule is generated according to configuration information;Configuration rule is synchronized to the configuration generation that run in end equipment in each of front
Reason end, so that Configuration Agent end is controlled to the access behavior of headend equipment according to configuration rule.Using this programme, can make to match somebody with somebody
The side of putting only can need to change the control strategy to user access activity in configuration page operation in real time, reduce access behavior control
The change cost of system and improve its change efficiency;Meanwhile, and as which is simple to operate flexibly, grasp without the need for special operation maintenance personnel
Make, so as to reduce personnel cost.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention,
And can be practiced according to the content of description, and in order to allow the above and other objects of the present invention, feature and advantage can
Become apparent, below especially exemplified by the specific embodiment of the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred implementation, various other advantages and benefit are common for this area
Technical staff will be clear from understanding.Accompanying drawing is only used for the purpose for illustrating preferred implementation, and is not considered as to the present invention
Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings:
Fig. 1 shows the schematic flow sheet of the access Behavior- Based control method provided according to one embodiment of the invention;
Fig. 2 shows the schematic flow sheet of the access Behavior- Based control method for providing according to a further embodiment of the invention;
Fig. 3 shows the schematic flow sheet for accessing Behavior- Based control method according to another embodiment offer of the present invention;
Fig. 4 shows the illustrative view of functional configuration of the access Behavior- Based control device provided according to one embodiment of the invention;
Fig. 5 shows that the functional structure of the access Behavior- Based control device for providing according to a further embodiment of the invention is illustrated
Figure.
Specific embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here
Limited.On the contrary, there is provided these embodiments are able to be best understood from the disclosure, and can be by the scope of the present disclosure
Complete conveys to those skilled in the art.
Fig. 1 shows the schematic flow sheet of the access Behavior- Based control method provided according to one embodiment of the invention.Such as Fig. 1
Shown, the method is comprised the following steps:
Step 101, receives the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page.
Configuration item includes region configuration item, access frequency configuration item or other configurations item.The configuration item that configuration item can be carried for system
Or the configuration item of configuration root self-defined setting according to practical application.Configuration can carry out additions and deletions to configuration item.
In a kind of situation, configuration item directly can present in the configuration page, or receive configuration side certain
Present after one assigned operation, such as present after a certain shortcut or a certain functional element of the configuration page is triggered.Configuration side
The one or more configuration items for needing configuration are selected in the configuration item option for presenting, and are input into corresponding configuration information.As needed
When configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed, and it is input into corresponding configuration information.Match somebody with somebody confidence
Breath can be region name or the code name for needing to limit, or need region name or code name of response etc..
In another kind of situation, configuration item can not directly be presented in the configuration page, can be according to matching somebody with somebody for receiving
The configuration information of the side's of putting input judges which configuration item the fixed configuration information belongs to.For example, configuration side is received in configuration page
The configuration information being input on face is " it is 10 times/second to limit the Shanghai access frequency upper limit ", then judge its belong to region configuration item with
The combination of access frequency configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before,
Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, certain online education website series video that live high examination paper is answerred questions after college entrance examination, wherein, series is regarded
Frequency division is Beijing volume, Shanghai volume, a roll of, national volume two of whole nation etc..When user's visit capacity is excessive, it is the normal of guarantee server
Operation, configuration can be input into configuration information on the configuration page, to be used for the access behavior for controlling user.For example, live
During the volume video of Beijing, configuration can in the configuration page selectively configuration of territory item, and only defeated in the permission item of region configuration item
Enter Beijing, when live video switches to the national video of volume two by Beijing volume video, configuration can be input in above-mentioned permission item
Henan, Shandong etc. are using national volume two of area.Again due to using national volume two of province more, configuration side also can be in configuration page
Access frequency configuration item is selected in face, and is input into the highest frequency that unique user allows to access.
Step 102, generates configuration rule according to configuration information.
Specifically, according to the configuration information in step 101, to needing configuration information to be processed to generate phase after processing
The configuration rule that answers.To needing configuration information to be processed to be processed can be specifically:Keyword in identification configuration information,
Such as " permission " and " Beijing " keyword in identification " allowing Beijing area to access ";It is to invalid information in configuration information that may also be
Filter etc., such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan area class
When other, then by this information filtering, and configuration side is fed back in modes such as promptings;Or other processing modes.By default
Generation program according to process after configuration information generate corresponding configuration rule.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item,
Program is generated according to the configuration rule being set then, configuration rule is directly generated.
For example, configuration rule can be:When the configuration information of configuration side's input in step 101 is for " only permission is northern
Capital ", the then configuration rule for being generated according to the configuration information are the access request for filtering out the user that IP address is non-Beijing area;
When in step 101, the input of configuration side both inclusively only allows the configuration information that the user of Beijing area accesses in configuration of territory item,
It is 10 times/second comprising the highest frequency for allowing in access frequency configuration item unique user to access again, then the configuration rule for generating is,
After the access request for filtering out the user that IP address is non-Beijing area, access frequency is further filtered out more than 10 times/second
User access request.
Step 103, configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, for Configuration Agent
End is controlled to the access behavior of headend equipment according to configuration rule.
Configuration rule in step 102 is synchronized to the Configuration Agent end that run in each headend equipment, Configuration Agent end
After configuration rule is obtained, the access behavior of headend equipment is controlled according to configuration rule.
For example, ask if the configuration rule in step 102 is the access for filtering out the user that access frequency is more than 10 times/second
Ask, then by the regular and synchronized to Configuration Agent end, when headend equipment receives access request, the corresponding IP of parsing access request
Address, counts the access frequency of IP address, whether judges the access frequency more than the visit frequency threshold value in Configuration Agent end, and
Responded according to judged result or refuse the access request.
Optionally, before above-mentioned steps, Configuration Agent end can be monitored to the access behavior of headend equipment, work as monitoring
When arriving the visit capacity of headend equipment beyond the visit capacity upper limit, send a notification message to configuration service end.Configuration service end is receiving
Alarming processing is carried out according to the notification message to after notification message.Alarming processing is specifically as follows with page prompts or other promptings
Method exceeds the alarm prompt of the visit capacity upper limit to configuration side's amount of conducting interviews, so that configuration side can be changed in real time to user
The control strategy of access behavior.
According to the present invention access Behavior- Based control method, by receive configuration side configure the page on be input into confidence
Breath, and configuration rule is generated according to configuration information, most configuration rule is synchronized to the configuration that run in end equipment in each of front at last
Agent side, so that Configuration Agent end is controlled to the access behavior of headend equipment according to configuration rule.Using this programme, can make
Configuration side only can need to change the control strategy to user access activity in configuration page operation in real time, and in control strategy more
Without the need for restarting headend equipment again after changing, reduce the change cost of access Behavior- Based control and improve which and change efficiency;Meanwhile,
Again as which is simple to operate flexibly, operate without the need for special operation maintenance personnel, so as to reduce personnel cost.
Fig. 2 shows the schematic flow sheet of the access Behavior- Based control method for providing according to a further embodiment of the invention.Such as
Shown in Fig. 2, the method is comprised the following steps:
Step 201, receives the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page.
Configuration item includes region configuration item.
In a kind of situation, region configuration item can directly present in the configuration page, or receive configuration
Present after a certain assigned operation in side, such as present after a certain shortcut or a certain functional element of the configuration page is triggered.Match somebody with somebody
The side of putting selects the one or more configuration items for needing configuration in the configuration item option for presenting, and is input into corresponding configuration information.
As when configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed, and it is input into corresponding configuration information.Configuration
Information can be region name or the code name for needing to limit, or need region name or code name of response etc..
In another kind of situation, region configuration item can not directly be presented in the configuration page, can be that basis is received
The configuration information of configuration side's input judge which configuration item the fixed configuration information belongs to.For example, receive configuration side matching somebody with somebody
It is " restriction Shanghai " to put the configuration information being input on the page, then judge which belongs to region configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before,
Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, during live, the concurrent visit capacity of user is crossed conference and causes server overload, or even occurs delaying
The phenomenon of machine, so need to change the control strategy to user access activity in real time.For example, the user for limiting certain areas visits
Ask to ensure normal access of major area user etc..
To certain areas user access limit when, receive configuration side configure the page on be input into confidence
Breath, to limit the access behavior of a part of user.For example, be limit District of Shanghai user access, receive configuration side in region
The Shanghai being input in the limit entry of configuration item, then define and access the control strategy for being limited to Shanghai user.
Step 202, generates IP filtering rules according to configuration information.
Specifically, according to the configuration information in step 201, to needing configuration information to be processed to generate phase after processing
The configuration rule that answers.To needing configuration information to be processed to be processed can be specifically:Keyword in identification configuration information,
Such as " permission " and " Beijing " keyword in identification " allowing Beijing area to access ";It is to invalid information in configuration information that may also be
Filter etc., such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan area class
When other, then by this information filtering, and configuration side is fed back in modes such as promptings.After default generation program is according to process
Configuration information generates IP filtering rules.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item,
Program is generated according to the configuration rule being set then, the access request configuration for filtering out that IP address is District of Shanghai is directly generated
Rule.
Step 203, Configuration Agent end update local IP blacklists and/or IP white lists according to IP filtering rules.
Wherein, the IP lists of each region are preserved at Configuration Agent end.If preventing the corresponding access of all IP in list
Request, then the list is IP blacklists;If allowing the corresponding access request of all IP in list, the list is IP white lists.
Before configuration of territory item is not configured over the ground, locally stored IP blacklists are defaulted as sky, that is, allow allly
The user in domain conducts interviews, and after configuration of territory item is configured over the ground, rule are filtered according to the IP in step 202 in Configuration Agent end
Local IP blacklist and/or IP white list are then updated.For example, when the IP filtering rules in step 202 are to filter out IP address
For the access request of District of Shanghai, then local IP blacklists are updated for all IP in District of Shanghai.
Step 204, when headend equipment receives access request, the corresponding IP address of parsing access request, by IP address
Mated with the IP blacklists and/or IP white lists at Configuration Agent end, responded according to matching result or denied access please
Ask.
When headend equipment receives access request, parse the corresponding IP address of the access request, and by the IP address with
Locally stored IP blacklists and/or IP white lists after Configuration Agent end updates in step 203 is mated.If the IP address
In local IP blacklists, then refuse the corresponding access request of the IP address;If the IP address is not in local IP blacklists
Or in local IP white lists, then respond the corresponding access requests of the IP.
Optionally, before above-mentioned steps are executed, Configuration Agent end is monitored to the access behavior of headend equipment, works as monitoring
When arriving the visit capacity of headend equipment beyond the visit capacity upper limit, send a notification message to configuration service end.Configuration service end is receiving
To after notification message, alarming processing is carried out according to the notification message.
For example, during live, user's visit capacity needs to change when excessive in real time to user access activity
Control strategy.For example, the user for limiting certain areas accesses to ensure the normal access of major area user.For ensureing configuration side
In real time the control strategy of user access activity can be adjusted, access behavior of the Configuration Agent end to headend equipment can be passed through
Be monitored, when the visit capacity of headend equipment being monitored beyond default access thresholds, send a notification message to configuration service end.
Configuration service end after receiving the notifying message, carries out alarming processing according to the notification message, then by configuration side, basis should
Alarm changes the control strategy of user access activity in real time.
According to the access Behavior- Based control method of the present invention, by receiving configuration side in the configuration of territory item input of Web page Shangdi
Configuration information, and IP filtering rules are generated according to configuration information, Configuration Agent end updates local IP according to IP filtering rules
Blacklist and/or IP white lists.When headend equipment receives access request, the corresponding IP address of parsing access request should
IP address is mated with the IP blacklists and/or IP white lists at Configuration Agent end, is responded according to matching result or is refused
The access request.Using this programme, using this programme, configuration side can be made only need to neatly to change IP by Web is operated in real time
Control strategy, and the change cost of IP control strategies is reduced without the need for restarting headend equipment again after control strategy change
And improve its change efficiency;Simultaneously as which is simple to operate flexibly, operate without the need for special operation maintenance personnel, so as to reduce people
Member's cost;Again as IP lists are stored in Configuration Agent end, FEP need not load mass data on startup.
Fig. 3 shows the schematic flow sheet for accessing Behavior- Based control method according to another embodiment offer of the present invention.Such as
Shown in Fig. 3, the method is comprised the following steps:
Step 301, receives the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page.
Configuration item includes access frequency configuration item.
In a kind of situation, access frequency configuration item can directly present in the configuration page, or receive
Present after a certain assigned operation in configuration side, such as after a certain shortcut or a certain functional element of the configuration page is triggered be in
Existing.Configuration side selects the one or more configuration items for needing configuration in the configuration item option for presenting, and is input into corresponding configuration
Information.In the page is assumed, access frequency configuration item is such as selected, and be input into corresponding configuration information.Configuration information can be to access
Upper frequency limit value.
In another kind of situation, access frequency configuration item can not directly be presented in the configuration page, can be that basis connects
The configuration information of the configuration side's input for receiving judges which configuration item the fixed configuration information belongs to.For example, receive configuration side to exist
The configuration information being input on the configuration page is " access frequency maximum is 20 times/second ", then judge which belongs to access frequency and matches somebody with somebody
Put item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before,
Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, in online score inquiry website, the concurrent visit capacity of user is crossed conference and causes server overload, very
To the phenomenon for the machine of delaying occur, so needing to change the control strategy to user access activity in real time, access frequency mistake is such as limited
The access of high user.When implementing to user's access frequency control strategy, it is the access for limiting the too high user of access frequency,
Configuration side corresponding configuration information of the access frequency configuration item that is input on the page is configured is received, if the configuration side of reception is matching somebody with somebody
The access higher limit for putting access frequency configuration item input on the page is 50 times/second, then define to access frequency more than 50 times/second
User the control strategy that limited of access.
Step 302, generates access frequency restriction rule according to configuration information.
Specifically, according to the configuration information in step 301, to needing configuration information to be processed to generate phase after processing
The configuration rule that answers.To needing configuration information to be processed to be processed can be specifically:Keyword in identification configuration information,
Such as " maximum " " access frequency ", " 50 time/second " keyword in identification " largest access frequency is 50 times/second ";Alternatively to matching somebody with somebody
In confidence breath, invalid information is filtered etc., and such as the configuration information of input is " largest access frequency is -2 times/seconds ", then believe this
Breath is filtered, and feeds back to configuration side in modes such as promptings.Eventually through default generation program according to process after configuration information
Generate access frequency restriction rule.
And to the configuration information without the need for processing, such as configuration side is in largest access frequency item in selection access frequency configuration item
Input " 50 time/second ", then generate program according to the configuration rule being set, directly generates and filters out access frequency more than 50
The configuration rule of the access request of secondary/second.
Step 303, Configuration Agent end update local visit frequency threshold value according to access frequency restriction rule.
Configuration Agent end updates locally stored visit frequency threshold value according to the access frequency restriction rule in step 302.
For example, originally locally stored visit frequency threshold value is sky, when in step 303, access frequency restriction rule is restriction access frequency
Higher than the access request of 50 times/second, then it is 50 times/second that Configuration Agent end updates local visit frequency threshold value.
Step 304, when headend equipment receives access request, the corresponding IP address of parsing access request, statistics IP ground
The access frequency of location, judges whether the access frequency of IP address is more than or equal to the visit frequency threshold value at Configuration Agent end,
If so, then refuse the access request;If it is not, then responding the access request.
When headend equipment receives access request, the corresponding IP address of parsing access request, and count the IP address
Access frequency.Locally stored visit frequency threshold value relatively in the access frequency and step 304 of the IP address of statistics, if statistics
IP address access frequency more than local visit frequency threshold value, then refuse the access request;If the visit of the IP address of statistics
Ask that frequency less than or equal to local visit frequency threshold value, then responds the access request.
Optionally, before above-mentioned steps are executed, Configuration Agent end is monitored to the access behavior of headend equipment, works as monitoring
When arriving the visit capacity of headend equipment beyond the visit capacity upper limit, send a notification message to configuration service end.Configuration service end is receiving
To after notification message, alarming processing is carried out according to the notification message.
For example, need to change the control strategy to user access activity in real time when user's visit capacity is excessive.For
Ensure that configuration can be adjusted to the control strategy of user access activity in real time, Configuration Agent end can be passed through to headend equipment
Access behavior be monitored, when the visit capacity of headend equipment is monitored beyond default access thresholds, send out to configuration service end
Send notification message.Configuration service end after receiving the notifying message, carries out alarming processing according to the notification message, then configuration side
The control strategy of user access activity can be changed according to the alarm in real time.
According to the access Behavior- Based control method of the present invention, frequency configuration item is accessed in Web page by receiving configuration side
The configuration information of input, and access frequency restriction rule is generated according to configuration information, Configuration Agent end is limited according to access frequency
The local visit frequency threshold value of Policy Updates.When headend equipment receives access request, the corresponding IP ground of parsing access request
Location, counts the access frequency of the IP address, compares the access frequency and local visit frequency threshold value of the IP address, and according to than
Relatively result is responded or refuses the access request.Using this programme, configuration side can be made only need to neatly to change by Web is operated in real time
Become access frequency control strategy, and access frequency control is reduced without the need for restarting headend equipment again after control strategy change
Make the change cost of strategy and improve which and change efficiency;Simultaneously as which is simple to operate flexibly, grasp without the need for special operation maintenance personnel
Make, so as to reduce personnel cost;Again as visit frequency threshold value is stored in Configuration Agent end, thus FEP on startup without
Mass data need to be loaded.
Above-mentioned two embodiment is that configuration item is region configuration item and the access Behavior- Based control method of access frequency configuration item,
However, it will be understood by those skilled in the art that configuration item in the present invention not only inclusively configuration of territory item and access frequency configuration item, also
Comprising other configurations item, such as level of security configuration item etc..So that configuration item is comprising level of security configuration as an example, then access Behavior- Based control
Method is specially:After the corresponding configuration information of the level of security configuration item that selects on configuration interface of configuration side is received, for example,
The configuration information can be the configuration information of the low access behavior of refusal level of security.Level of security is generated according to the configuration information
Control rule.The level of security control rule can be the visit for limiting safety detection control A to access environment scoring less than 60 points
Ask request;Allow access requests of the safety detection control A to access environment scoring more than or equal to 60 points.And by the configuration rule
The Configuration Agent end that run in end equipment in each of front is synchronized to, Configuration Agent end can update local peace according to configuration rule
Full level threshold is 60 points.When headend equipment receives access request, scored for access environment by safe control A,
If scoring responds the access request more than or equal to 60 points;Otherwise, refuse the access request.
Fig. 4 shows the illustrative view of functional configuration of the access Behavior- Based control device provided according to one embodiment of the invention.
As shown in figure 4, the device includes:Configuration service end and multiple Configuration Agent ends;
Wherein, the configuration service end includes:Receiver module 41, generation module 42, synchronization module 43;The Configuration Agent end bag
Include control module 44.
Receiver module 41, is suitable to receive the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page.
Configuration item includes region configuration item, access frequency configuration item or other configurations item.The configuration item that configuration item can be carried for system
Or the configuration item of configuration root self-defined setting according to practical application.Configuration can carry out additions and deletions to configuration item.
In a kind of situation, configuration item directly can present in the configuration page, or receive configuration side certain
Present after one assigned operation, such as present after a certain shortcut or a certain functional element of the configuration page is triggered.Configuration side
The one or more configuration items for needing configuration are selected in the configuration item option for presenting, and are input into corresponding configuration information.As needed
When configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed, and it is input into corresponding configuration information.Match somebody with somebody confidence
Breath can be region name or the code name for needing to limit, or need region name or code name of response etc..
In another kind of situation, configuration item can not directly be presented in the configuration page, can be according to matching somebody with somebody for receiving
The configuration information of the side's of putting input judges which configuration item the fixed configuration information belongs to.For example, configuration side is received in configuration page
The configuration information being input on face is " it is 10 times/second to limit the Shanghai access frequency upper limit ", then judge its belong to region configuration item with
The combination of access frequency configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before,
Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, certain online education website series video that live high examination paper is answerred questions after college entrance examination, wherein, series is regarded
Frequency division is Beijing volume, Shanghai volume, a roll of, national volume two of whole nation etc..When user's visit capacity is excessive, it is the normal of guarantee server
Operation, configuration can be input into configuration information on the configuration page, to be used for the access behavior for controlling user.For example, live
During the volume video of Beijing, configuration can in the configuration page selectively configuration of territory item, and only defeated in the permission item of region configuration item
Enter Beijing, when live video switches to the national video of volume two by Beijing volume video, configuration can be input in above-mentioned permission item
Henan, Shandong etc. are using national volume two of area.Again due to using national volume two of province more, configuration side also can be in configuration page
Access frequency configuration item is selected in face, and is input into the highest frequency that unique user allows to access.
Generation module 42, is suitable to generate configuration rule according to configuration information.
Specifically, according to the configuration information in receiver module 41, to needing configuration information to be processed raw after processing
Into corresponding configuration rule.To needing configuration information to be processed to be processed can be specifically:Pass in identification configuration information
" permission " and " Beijing " keyword in key word, such as identification " allowing Beijing area to access ";It is to nothing in configuration information that may also be
Effect information is filtered etc., and such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan
During regional classification, then by this information filtering, and configuration side is fed back in modes such as promptings;Or other processing modes.Pass through
Default generation program according to process after configuration information generate corresponding configuration rule.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item,
Program is generated according to the configuration rule being set then, configuration rule is directly generated.
For example, configuration rule can be:When the configuration information of configuration side's input in receiver module 41 is for " only permission is northern
Capital ", the then configuration rule for being generated according to the configuration information are the access request for filtering out the user that IP address is non-Beijing area;
When in receiver module 41 input of configuration side both inclusively only allow that the user of Beijing area accesses in configuration of territory item with confidence
Breath, but comprising in access frequency configuration item allow unique user access highest frequency be 10 times/second, then the configuration rule for generating
For, after the access request for filtering out the user that IP address is non-Beijing area, further filter out access frequency more than 10 times/
The access request of the user of second.
Synchronization module 43, is suitable to configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front.
Configuration rule in generation module 42 is synchronized to the Configuration Agent end that run in end equipment in each of front.Citing comes
Say, if the configuration rule in generation module 42 is the access request for filtering out access frequency more than the user of 10 times/second, should
Regular and synchronized is to Configuration Agent end.
Control module 44, is suitable to be controlled the access behavior of headend equipment according to configuration rule.
After configuration rule to be synchronized to synchronization module 43 the Configuration Agent end that run in end equipment in each of front, according to this
Configuration rule is controlled to the access behavior of headend equipment.For example, if to will filter out access frequency big for synchronization module 43
After the configuration rule of the access request of the user of 10 times/second is synchronized to Configuration Agent end, ask when headend equipment receives access
Whether, when asking, the corresponding IP address of parsing access request counts the access frequency of IP address, judge the access frequency more than configuration
Visit frequency threshold value in agent side, and responded according to judged result or refuse the access request.
According to the access Behavior- Based control device of the present invention, the input on the configuration page of configuration side is received by receiver module
Configuration information, and configuration rule is generated according to configuration information by generation module, and pass through synchronization module by configuration rule synchronization
To the Configuration Agent end that runs in end equipment in each of front, the visit eventually through control module according to configuration rule to headend equipment
The behavior of asking is controlled.Using this programme, configuration side can be made only need to change by configuration page operation in real time user is visited
The control strategy of behavior is asked, and access Behavior- Based control is reduced without the need for restarting headend equipment again after control strategy change
Change cost and improve its change efficiency;Meanwhile, and as which is simple to operate flexibly, operate without the need for special operation maintenance personnel,
So as to reduce personnel cost.
Fig. 5 shows that the functional structure of the access Behavior- Based control device for providing according to a further embodiment of the invention is illustrated
Figure.
As shown in figure 5, on the basis of Fig. 4 shown devices, the access Behavior- Based control device also includes:Configuration Agent end
Monitoring module 51, the alarm module 52 at configuration service end.
Monitoring module 51, is suitable to be monitored the access behavior of headend equipment;When the visit capacity for monitoring headend equipment
During beyond the visit capacity upper limit, send a notification message to configuration service end.
For example, during live, user's visit capacity needs to change when excessive in real time to user access activity
Control strategy.For example, the user for limiting certain areas accesses to ensure the normal access of major area user.For ensureing configuration side
In real time the control strategy of user access activity can be adjusted, access behavior of the Configuration Agent end to headend equipment can be passed through
Be monitored, when the visit capacity of headend equipment being monitored beyond default access thresholds, send a notification message to alarm module 52.
Alarm module 52, is suitable to carry out alarming processing according to notification message.
After the notification message for receiving the transmission of monitoring module 51, alarming processing is carried out according to the notification message.Alert process
The alarm prompt for exceeding the visit capacity upper limit with page prompts or other reminding methods to configuration side's amount of conducting interviews is specifically as follows,
So that configuration side can change the control strategy to user access activity in real time.
When configuration item inclusively configuration of territory item:
Receiver module 41 is further adapted for:Selected region configuration item is corresponding matches somebody with somebody on the page is configured to receive configuration side
Confidence ceases.
Configuration item inclusively configuration of territory item when, in a kind of situation, region configuration item can configuration the page in be in directly
Existing, or presentation after a certain assigned operation in configuration side is received, is such as triggering a certain shortcut or the configuration page
Present after a certain functional element.Configuration side selects the one or more configurations for needing configuration in the configuration item option for presenting
, and it is input into corresponding configuration information.As when configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed,
And it is input into corresponding configuration information.Region name or code name that configuration information can be limited for needs, or the region for needing response
Title or code name etc..
In another kind of situation, region configuration item can not directly be presented in the configuration page, can be that basis is received
The configuration information of configuration side's input judge which configuration item the fixed configuration information belongs to.For example, receive configuration side matching somebody with somebody
It is " restriction Shanghai " to put the configuration information being input on the page, then judge which belongs to region configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before,
Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, during live, the concurrent visit capacity of user is crossed conference and causes server overload, or even occurs delaying
The phenomenon of machine, so need to change the control strategy to user access activity in real time.For example, the user for limiting certain areas visits
Ask to ensure normal access of major area user etc..
To certain areas user access limit when, receive configuration side configure the page on be input into confidence
Breath, to limit the access behavior of a part of user.For example, be limit District of Shanghai user access, receive configuration side in region
The Shanghai being input in the limit entry of configuration item, then define and access the control strategy for being limited to Shanghai user.
Generation module 42 is further adapted for:IP filtering rules are generated according to configuration information.
Specifically, according to the configuration information in receiver module 41, to needing configuration information to be processed raw after processing
Into corresponding configuration rule.To needing configuration information to be processed to be processed can be specifically:Pass in identification configuration information
" permission " and " Beijing " keyword in key word, such as identification " allowing Beijing area to access ";It is to nothing in configuration information that may also be
Effect information is filtered etc., and such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan
During regional classification, then by this information filtering, and configuration side is fed back in modes such as promptings.By default generation program according to place
Configuration information after reason generates IP filtering rules.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item,
Program is generated according to the configuration rule being set then, the access request configuration for filtering out that IP address is District of Shanghai is directly generated
Rule.
Control module 44 is further adapted for:Local IP blacklists and/or IP white lists are updated according to IP filtering rules;When
When headend equipment receives access request, the corresponding IP address of parsing access request, by IP address and Configuration Agent end
IP blacklists and/or IP white lists are mated, and responded according to matching result or refusal states access request.
Wherein, the IP lists of each region are preserved at Configuration Agent end.If preventing the corresponding access of all IP in list
Request, then the list is IP blacklists;If allowing the corresponding access request of all IP in list, the list is IP white lists.
Before configuration of territory item is not configured over the ground, locally stored IP blacklists are defaulted as sky, that is, allow allly
The user in domain conducts interviews, and after configuration of territory item is configured over the ground, updates local IP blacklists according to IP filtering rules
And/or IP white lists.For example, when the IP filtering rules in generation module 42 are to filter out the access that IP address is District of Shanghai to ask
Ask, then local IP blacklists are updated for all IP in District of Shanghai.
When headend equipment receives access request, parse the corresponding IP address of the access request, and by the IP address with
Locally stored IP blacklists and/or IP white lists after renewal is mated.If the IP address is in local IP blacklists,
Then refuse the corresponding access request of the IP address;If the IP address is not in local IP blacklists or in local IP white lists
In, then respond the corresponding access requests of the IP.
When configuration item includes access frequency configuration item:
Receiver module 41 is further adapted for:Receive configuration side's selected access frequency configuration item on the configuration page corresponding
Configuration information.
Configuration item includes access frequency configuration item.In a kind of situation, access frequency configuration item can be in the configuration page
Directly present, or present after a certain assigned operation in configuration side is received, such as triggering a certain shortcut or matching somebody with somebody
Present after putting a certain functional element of the page.Configuration side selects to need the one or more of configuration in the configuration item option for presenting
Configuration item, and it is input into corresponding configuration information.In the page is assumed, access frequency configuration item is such as selected, and be input into corresponding configuration
Information.Configuration information can be access frequency higher limit.
In another kind of situation, access frequency configuration item can not directly be presented in the configuration page, can be that basis connects
The configuration information of the configuration side's input for receiving judges which configuration item the fixed configuration information belongs to.For example, receive configuration side to exist
The configuration information being input on the configuration page is " access frequency maximum is 20 times/second ", then judge which belongs to access frequency and matches somebody with somebody
Put item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before,
Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, in online score inquiry website, the concurrent visit capacity of user is crossed conference and causes server overload, very
To the phenomenon for the machine of delaying occur, so needing to change the control strategy to user access activity in real time, access frequency mistake is such as limited
The access of high user.When implementing to user's access frequency control strategy, it is the access for limiting the too high user of access frequency,
Configuration side corresponding configuration information of the access frequency configuration item that is input on the page is configured is received, if the configuration side of reception is matching somebody with somebody
The access higher limit for putting access frequency configuration item input on the page is 50 times/second, then define to access frequency more than 50 times/second
User the control strategy that limited of access.
Generation module 42 is further adapted for:Access frequency restriction rule is generated according to configuration information.
Specifically, according to the configuration information in receiver module 41, to needing configuration information to be processed raw after processing
Into corresponding configuration rule.To needing configuration information to be processed to be processed can be specifically:Pass in identification configuration information
" maximum " " access frequency ", " 50 time/second " keyword in key word, such as identification " largest access frequency is 50 times/second ";Alternatively
Invalid information in configuration information is filtered etc., such as the configuration information of input is " largest access frequency is -2 times/seconds ", then will
This information filtering, and configuration side is fed back in modes such as promptings.Eventually through default generation program according to process after configuration
Information generates IP filtering rules.
And to the configuration information without the need for processing, such as configuration side is in largest access frequency item in selection access frequency configuration item
Input " 50 time/second ", then generate program according to the configuration rule being set, directly generates and filters out access frequency more than 50
The configuration rule of the access request of secondary/second.
Control module 44 is further adapted for:Local visit frequency threshold value is updated according to access frequency restriction rule;Currently
When end equipment receives access request, the corresponding IP address of parsing access request counts the access frequency of IP address, judges IP ground
Whether the access frequency of location is more than or equal to the visit frequency threshold value at Configuration Agent end, if so, then refuses the access request.
According to the access frequency restriction rule in generation module 42, locally stored visit frequency threshold value is updated.For example, former
First locally stored visit frequency threshold value is sky, when access frequency restriction rule is to limit the visit that access frequency is higher than 50 times/second
Request is asked, then local visit frequency threshold value is updated for 50 times/second.
When headend equipment receives access request, the corresponding IP address of parsing access request, and count the IP address
Access frequency.Locally stored visit frequency threshold value relatively in the access frequency and step 304 of the IP address of statistics, if statistics
IP address access frequency more than local visit frequency threshold value, then refuse the access request;If the visit of the IP address of statistics
Ask that frequency less than or equal to local visit frequency threshold value, then responds the access request.
According to the access Behavior- Based control device of the present invention, configuration side can be made only need to neatly to change by Web is operated in real time
Become IP control strategies and access frequency strategy, and IP is reduced without the need for restarting headend equipment again after control strategy change
The change cost of control strategy and access frequency strategy and improve its change efficiency;Simultaneously as which is simple to operate flexibly, need not
Special operation maintenance personnel operation, so that reduce personnel cost;Again as IP lists and visit frequency threshold value are stored in configuration generation
Reason end, FEP need not load mass data on startup.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together based on teaching in this.As described above, construct required by this kind of system
Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use various
Programming language realizes the content of invention described herein, and the above description done by language-specific is to disclose this
Bright preferred forms.
In description mentioned herein, a large amount of details are illustrated.It is to be appreciated, however, that the enforcement of the present invention
Example can be put into practice in the case where not having these details.In some instances, known method, structure are not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure helping understand one or more in each inventive aspect,
Above in the description to the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes
In example, figure or descriptions thereof.However, should not be construed to reflect following intention by the method for the disclosure:I.e. required guarantor
The more features of feature that the application claims ratio of shield is expressly recited in each claim.More precisely, such as following
Claims reflected as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself
All as the separate embodiments of the present invention.
Those skilled in the art be appreciated that can to embodiment in equipment in module carry out adaptively
Change and they are arranged in one or more equipment different from the embodiment.Can be the module in embodiment or list
Unit or component are combined into a module or unit or component, and can be divided in addition multiple submodule or subelement or
Sub-component.In addition at least some in such feature and/or process or unit is excluded each other, can adopt any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (includes adjoint power
Profit is required, summary and accompanying drawing) disclosed in each feature can identical by offers, be equal to or the alternative features of similar purpose carry out generation
Replace.
Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments
In some included features rather than further feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint
One of meaning can in any combination mode using.
The present invention all parts embodiment can be realized with hardware, or with one or more processor operation
Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice
Microprocessor or digital signal processor (DSP) are realizing according to embodiments of the present invention access in Behavior- Based control device one
The some or all functions of a little or whole parts.The present invention is also implemented as executing method as described herein
Some or all equipment or program of device (for example, computer program and computer program).Such realization
The program of the present invention can be stored on a computer-readable medium, or can have the form of one or more signal.This
The signal of sample can be downloaded from internet website and be obtained, or provide on carrier signal, or be carried with any other form
For.
It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference markss being located between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not
Element listed in the claims or step.Word "a" or "an" before being located at element does not exclude the presence of multiple such
Element.The present invention can come real by means of the hardware for including some different elements and by means of properly programmed computer
Existing.If in the unit claim for listing equipment for drying, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and be run after fame
Claim.
Claims (10)
1. one kind accesses Behavior- Based control method, including:
Receive the configuration information that configuration side is input on the configuration page;
Configuration rule is generated according to the configuration information;
The configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, for Configuration Agent end root
The access behavior of headend equipment is controlled according to the configuration rule.
2. method according to claim 1, wherein, the configuration page is Web page, and the configuration page is provided with many
The individual configuration item for being available for the side of configuration to select.
3. method according to claim 2, wherein, the configuration item includes:Region configuration item;
The configuration side's configuration information of input on the configuration page that receives is further included:Reception configuration side is on the configuration page
The corresponding configuration information of selected region configuration item;
Described according to configuration information generate configuration rule further include:IP filtering rules are generated according to configuration information;
The Configuration Agent end is controlled to the access behavior of headend equipment according to the configuration rule and further includes:
Configuration Agent end updates local IP blacklists and/or IP white lists according to the IP filtering rules;
When headend equipment receives access request, the corresponding IP address of parsing access request, by the IP address and configuration generation
The IP blacklists and/or IP white lists at reason end is mated, and is responded according to matching result or is refused the access request.
4. method according to claim 2, wherein, the configuration item includes:Access frequency configuration item;
The configuration side's configuration information of input on the configuration page that receives is further included:Reception configuration side is on the configuration page
The corresponding configuration information of selected access frequency configuration item;
Described according to configuration information generate configuration rule further include:Access frequency restriction rule is generated according to configuration information;
The Configuration Agent end is controlled to the access behavior of headend equipment according to the configuration rule and further includes:
Configuration Agent end updates local visit frequency threshold value according to the access frequency restriction rule;
When headend equipment receives access request, the corresponding IP address of parsing access request counts the access of the IP address
Frequency, judges whether the access frequency of the IP address is more than the visit frequency threshold value at Configuration Agent end, if so, then refuses
The access request.
5. the method according to any one of claim 1-4, also includes:
The Configuration Agent end is monitored to the access behavior of headend equipment;
When the visit capacity for monitoring headend equipment exceeds the visit capacity upper limit, send a notification message to configuration service end;
The configuration service end carries out alarming processing according to the notification message.
6. one kind accesses Behavior- Based control device, including:Configuration service end and multiple Configuration Agent ends;
The configuration service end includes:
Receiver module, is suitable to receive the configuration information that configuration side is input on the configuration page;
Generation module, is suitable to generate configuration rule according to the configuration information;
Synchronization module, is suitable to the configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front;
The Configuration Agent end includes:
Control module, is suitable to be controlled the access behavior of headend equipment according to the configuration rule.
7. device according to claim 6, wherein, the configuration page is Web page, and the configuration page is provided with many
The individual configuration item for being available for the side of configuration to select.
8. device according to claim 7, wherein, the configuration item includes:Region configuration item;
The receiver module is further adapted for:Receive the corresponding configuration of selected region configuration item on the page is configured of configuration side
Information;
The generation module is further adapted for:IP filtering rules are generated according to configuration information;
The control module is further adapted for:Local IP blacklists and/or IP white lists are updated according to the IP filtering rules;
When headend equipment receives access request, the corresponding IP address of parsing access request, by the IP address and Configuration Agent end
Local IP blacklists and/or IP white lists are mated, and are responded according to matching result or are refused the access request.
9. device according to claim 7, wherein, the configuration item includes:Access frequency configuration item;
The receiver module is further adapted for:Receive configuration side's selected access frequency configuration item on the configuration page corresponding
Configuration information;
The generation module is further adapted for:Access frequency restriction rule is generated according to configuration information;
The control module is further adapted for:Local visit frequency threshold value is updated according to the access frequency restriction rule;When
When headend equipment receives access request, the corresponding IP address of parsing access request counts the access frequency of the IP address, sentences
Whether the access frequency of the IP address of breaking is more than or equal to the visit frequency threshold value at Configuration Agent end, if so, then refuses
The access request.
10. the device according to any one of claim 1-4, wherein, the Configuration Agent end also includes:Monitoring module,
It is suitable to be monitored the access behavior of headend equipment;When the visit capacity for monitoring headend equipment exceeds the visit capacity upper limit, to
Configuration service end sends a notification message;
The configuration service end also includes:Alarm module, is suitable to carry out alarming processing according to the notification message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611248960.5A CN106506559B (en) | 2016-12-29 | 2016-12-29 | Access behavior control method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611248960.5A CN106506559B (en) | 2016-12-29 | 2016-12-29 | Access behavior control method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106506559A true CN106506559A (en) | 2017-03-15 |
CN106506559B CN106506559B (en) | 2020-02-18 |
Family
ID=58334768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611248960.5A Active CN106506559B (en) | 2016-12-29 | 2016-12-29 | Access behavior control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106506559B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108173714A (en) * | 2017-12-27 | 2018-06-15 | 北京奇艺世纪科技有限公司 | Detection method, detection device and the electronic equipment of public outlet IP address |
CN108900543A (en) * | 2018-08-13 | 2018-11-27 | 郑州云海信息技术有限公司 | The method and apparatus of managing firewall rule |
CN109034942A (en) * | 2018-06-14 | 2018-12-18 | 安徽鼎龙网络传媒有限公司 | A kind of server cloud expansion system in micro- scene management backstage wechat store |
CN109388655A (en) * | 2017-08-07 | 2019-02-26 | 北京京东尚科信息技术有限公司 | A kind of method and apparatus of dynamic control of data access |
CN109901923A (en) * | 2017-12-07 | 2019-06-18 | 财付通支付科技有限公司 | A kind of frequency limit method, frequency limit device and readable storage medium storing program for executing |
CN110134864A (en) * | 2019-04-25 | 2019-08-16 | 上海淇毓信息科技有限公司 | A kind of request filter method based on DSP party in request platform, device, system |
CN110933068A (en) * | 2019-11-26 | 2020-03-27 | 秒针信息技术有限公司 | Black and white list real-time optimization method and device, server and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
US20080052381A1 (en) * | 2006-08-22 | 2008-02-28 | Koon Wah Yu | Method and system for selecting a transcoder to convert between content types |
CN101562610A (en) * | 2009-05-27 | 2009-10-21 | 上海交通大学 | Network access control method capable of customizing inspection items |
CN104298686A (en) * | 2013-07-18 | 2015-01-21 | 深圳市腾讯计算机系统有限公司 | Method and device for modifying server configuration file |
CN104468226A (en) * | 2014-12-18 | 2015-03-25 | 山东中创软件工程股份有限公司 | Nginx configuration method and device |
CN105162793A (en) * | 2015-09-23 | 2015-12-16 | 上海云盾信息技术有限公司 | Method and apparatus for defending against network attacks |
CN105338017A (en) * | 2014-06-30 | 2016-02-17 | 北京新媒传信科技有限公司 | WEB defense method and system |
-
2016
- 2016-12-29 CN CN201611248960.5A patent/CN106506559B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
US20080052381A1 (en) * | 2006-08-22 | 2008-02-28 | Koon Wah Yu | Method and system for selecting a transcoder to convert between content types |
CN101562610A (en) * | 2009-05-27 | 2009-10-21 | 上海交通大学 | Network access control method capable of customizing inspection items |
CN104298686A (en) * | 2013-07-18 | 2015-01-21 | 深圳市腾讯计算机系统有限公司 | Method and device for modifying server configuration file |
CN105338017A (en) * | 2014-06-30 | 2016-02-17 | 北京新媒传信科技有限公司 | WEB defense method and system |
CN104468226A (en) * | 2014-12-18 | 2015-03-25 | 山东中创软件工程股份有限公司 | Nginx configuration method and device |
CN105162793A (en) * | 2015-09-23 | 2015-12-16 | 上海云盾信息技术有限公司 | Method and apparatus for defending against network attacks |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109388655A (en) * | 2017-08-07 | 2019-02-26 | 北京京东尚科信息技术有限公司 | A kind of method and apparatus of dynamic control of data access |
CN109901923A (en) * | 2017-12-07 | 2019-06-18 | 财付通支付科技有限公司 | A kind of frequency limit method, frequency limit device and readable storage medium storing program for executing |
CN109901923B (en) * | 2017-12-07 | 2022-10-21 | 财付通支付科技有限公司 | Frequency limiting method, frequency limiting device and readable storage medium |
CN108173714A (en) * | 2017-12-27 | 2018-06-15 | 北京奇艺世纪科技有限公司 | Detection method, detection device and the electronic equipment of public outlet IP address |
CN109034942A (en) * | 2018-06-14 | 2018-12-18 | 安徽鼎龙网络传媒有限公司 | A kind of server cloud expansion system in micro- scene management backstage wechat store |
CN108900543A (en) * | 2018-08-13 | 2018-11-27 | 郑州云海信息技术有限公司 | The method and apparatus of managing firewall rule |
CN110134864A (en) * | 2019-04-25 | 2019-08-16 | 上海淇毓信息科技有限公司 | A kind of request filter method based on DSP party in request platform, device, system |
CN110134864B (en) * | 2019-04-25 | 2023-09-05 | 上海淇毓信息科技有限公司 | Request filtering method, device and system based on DSP (digital Signal processor) demand side platform |
CN110933068A (en) * | 2019-11-26 | 2020-03-27 | 秒针信息技术有限公司 | Black and white list real-time optimization method and device, server and storage medium |
CN110933068B (en) * | 2019-11-26 | 2022-03-01 | 秒针信息技术有限公司 | Black and white list real-time optimization method and device, server and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106506559B (en) | 2020-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106506559A (en) | Access Behavior- Based control method and device | |
US11418486B2 (en) | Method and system for controlling internet browsing user security | |
CN109688097B (en) | Website protection method, website protection device, website protection equipment and storage medium | |
CN103957201B (en) | Domain-name information processing method based on DNS, apparatus and system | |
US9565145B2 (en) | Information sharing management on an instant messaging platform | |
US9781133B2 (en) | Automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications | |
CN101674293B (en) | Method and system for processing abnormal request in distributed application | |
WO2016209355A1 (en) | Managing unwanted tracking on a device | |
CN107465648A (en) | The recognition methods of warping apparatus and device | |
CN102231745A (en) | Safety system and method for network application | |
CN105939326A (en) | Message processing method and device | |
CN109313676B (en) | IP address access based on security level and access history | |
CN101931646A (en) | Internet brows management method, system and terminal | |
CN102227113B (en) | System and method for realizing filtering communication message | |
CN106503155B (en) | User change control method and system | |
CN110166436A (en) | The mimicry Web gateway system and method for dynamic dispatching are carried out using random selection | |
CN106789486B (en) | Method and device for detecting shared access, electronic equipment and computer readable storage medium | |
KR101823421B1 (en) | Apparatus and method for securiting network based on whithlist | |
EP3348024B1 (en) | Content policy discovery | |
CN106254312B (en) | method and device for achieving server attack prevention through virtual machine heterogeneous | |
TW201928750A (en) | Collation server, collation method, and computer program | |
CN109474601A (en) | A kind of scanning class attack method of disposal of Behavior-based control identification | |
CN117014232B (en) | Defending method, device, equipment and medium for denial of service attack | |
CN114244575A (en) | Automatic route hijacking blocking method and device | |
CN103685318B (en) | Data processing method and device for network safety prevention |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |