CN106506559A - Access Behavior- Based control method and device - Google Patents

Access Behavior- Based control method and device Download PDF

Info

Publication number
CN106506559A
CN106506559A CN201611248960.5A CN201611248960A CN106506559A CN 106506559 A CN106506559 A CN 106506559A CN 201611248960 A CN201611248960 A CN 201611248960A CN 106506559 A CN106506559 A CN 106506559A
Authority
CN
China
Prior art keywords
configuration
access
item
page
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611248960.5A
Other languages
Chinese (zh)
Other versions
CN106506559B (en
Inventor
陈宗志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201611248960.5A priority Critical patent/CN106506559B/en
Publication of CN106506559A publication Critical patent/CN106506559A/en
Application granted granted Critical
Publication of CN106506559B publication Critical patent/CN106506559B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of access Behavior- Based control method and device, it is related to technical field of network information.The method includes:Receive the configuration information that configuration side is input on the configuration page;Configuration rule is generated according to the configuration information;The configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, so that the Configuration Agent end is controlled to the access behavior of headend equipment according to the configuration rule.Using this programme, configuration side can be made only need to change the control strategy to user access activity in real time by configuration page operation, and without the need for restarting headend equipment again after control strategy change, reduce the change cost of access Behavior- Based control and improve which and change efficiency;Meanwhile, and as which is simple to operate flexibly, operate without the need for special operation maintenance personnel, so as to reduce personnel cost.

Description

Access Behavior- Based control method and device
Technical field
The present invention relates to technical field of network information, and in particular to a kind of access Behavior- Based control method and device.
Background technology
With the continuous development of the network information technology, the Working Life of people has been goed deep in disparate networks service.But accessing Amount excessive, when back-end services cannot meet the access request of all users, be ensure back-end services availability and stability, meeting The control strategy of real-time adjustment user access activity.
For example, be the access that limits certain regional user, in existing scheme, need the IP of shielding to be recorded in IP In list, by the configuration file of IP lists write headend equipment (such as nginx), nginx is according to the IP row write in configuration file Table, filters out the access request of the corresponding users of IP of shielding, realizes the control to user access activity.However, adopting this side Method, needs to write excessive IP information in the configuration file of nginx, and nginx can be caused to need to load mass data when starting Into internal memory, the startability of nginx is affected;And, the method depends on IP lists, it is impossible to realize neatly IP controls plan Slightly;Need to restart nginx after due to changing the configuration file of nginx and can just come into force, thus the method cannot meet and frequently increase Plus or modification IP filtration needs;In addition, the configuration file of modification nginx needs special operation maintenance personnel to be operated, Ren Yuancheng This is higher.
Content of the invention
In view of the above problems, it is proposed that the present invention so as to provide one kind overcome the problems referred to above or at least in part solve on State the access Behavior- Based control method and device of problem.
According to an aspect of the invention, there is provided a kind of access Behavior- Based control method, which includes:
Receive the configuration information that configuration side is input on the configuration page;
Configuration rule is generated according to the configuration information;
The configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, for the Configuration Agent End is controlled to the access behavior of headend equipment according to the configuration rule.
According to a further aspect in the invention, there is provided a kind of access Behavior- Based control device, which includes:Configuration service end and many Individual Configuration Agent end;
The configuration service end includes:
Receiver module, is suitable to receive the configuration information that configuration side is input on the configuration page;
Generation module, is suitable to generate configuration rule according to the configuration information;
Synchronization module, is suitable to the configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front;
The Configuration Agent end includes:
Control module, is suitable to be controlled the access behavior of headend equipment according to the configuration rule.
According to the access Behavior- Based control method and device of the present invention, by matching somebody with somebody that reception configuration side is input on the configuration page Confidence ceases;Configuration rule is generated according to configuration information;Configuration rule is synchronized to the configuration generation that run in end equipment in each of front Reason end, so that Configuration Agent end is controlled to the access behavior of headend equipment according to configuration rule.Using this programme, can make to match somebody with somebody The side of putting only can need to change the control strategy to user access activity in configuration page operation in real time, reduce access behavior control The change cost of system and improve its change efficiency;Meanwhile, and as which is simple to operate flexibly, grasp without the need for special operation maintenance personnel Make, so as to reduce personnel cost.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of description, and in order to allow the above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the specific embodiment of the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred implementation, various other advantages and benefit are common for this area Technical staff will be clear from understanding.Accompanying drawing is only used for the purpose for illustrating preferred implementation, and is not considered as to the present invention Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings:
Fig. 1 shows the schematic flow sheet of the access Behavior- Based control method provided according to one embodiment of the invention;
Fig. 2 shows the schematic flow sheet of the access Behavior- Based control method for providing according to a further embodiment of the invention;
Fig. 3 shows the schematic flow sheet for accessing Behavior- Based control method according to another embodiment offer of the present invention;
Fig. 4 shows the illustrative view of functional configuration of the access Behavior- Based control device provided according to one embodiment of the invention;
Fig. 5 shows that the functional structure of the access Behavior- Based control device for providing according to a further embodiment of the invention is illustrated Figure.
Specific embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here Limited.On the contrary, there is provided these embodiments are able to be best understood from the disclosure, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.
Fig. 1 shows the schematic flow sheet of the access Behavior- Based control method provided according to one embodiment of the invention.Such as Fig. 1 Shown, the method is comprised the following steps:
Step 101, receives the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page. Configuration item includes region configuration item, access frequency configuration item or other configurations item.The configuration item that configuration item can be carried for system Or the configuration item of configuration root self-defined setting according to practical application.Configuration can carry out additions and deletions to configuration item.
In a kind of situation, configuration item directly can present in the configuration page, or receive configuration side certain Present after one assigned operation, such as present after a certain shortcut or a certain functional element of the configuration page is triggered.Configuration side The one or more configuration items for needing configuration are selected in the configuration item option for presenting, and are input into corresponding configuration information.As needed When configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed, and it is input into corresponding configuration information.Match somebody with somebody confidence Breath can be region name or the code name for needing to limit, or need region name or code name of response etc..
In another kind of situation, configuration item can not directly be presented in the configuration page, can be according to matching somebody with somebody for receiving The configuration information of the side's of putting input judges which configuration item the fixed configuration information belongs to.For example, configuration side is received in configuration page The configuration information being input on face is " it is 10 times/second to limit the Shanghai access frequency upper limit ", then judge its belong to region configuration item with The combination of access frequency configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before, Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, certain online education website series video that live high examination paper is answerred questions after college entrance examination, wherein, series is regarded Frequency division is Beijing volume, Shanghai volume, a roll of, national volume two of whole nation etc..When user's visit capacity is excessive, it is the normal of guarantee server Operation, configuration can be input into configuration information on the configuration page, to be used for the access behavior for controlling user.For example, live During the volume video of Beijing, configuration can in the configuration page selectively configuration of territory item, and only defeated in the permission item of region configuration item Enter Beijing, when live video switches to the national video of volume two by Beijing volume video, configuration can be input in above-mentioned permission item Henan, Shandong etc. are using national volume two of area.Again due to using national volume two of province more, configuration side also can be in configuration page Access frequency configuration item is selected in face, and is input into the highest frequency that unique user allows to access.
Step 102, generates configuration rule according to configuration information.
Specifically, according to the configuration information in step 101, to needing configuration information to be processed to generate phase after processing The configuration rule that answers.To needing configuration information to be processed to be processed can be specifically:Keyword in identification configuration information, Such as " permission " and " Beijing " keyword in identification " allowing Beijing area to access ";It is to invalid information in configuration information that may also be Filter etc., such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan area class When other, then by this information filtering, and configuration side is fed back in modes such as promptings;Or other processing modes.By default Generation program according to process after configuration information generate corresponding configuration rule.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item, Program is generated according to the configuration rule being set then, configuration rule is directly generated.
For example, configuration rule can be:When the configuration information of configuration side's input in step 101 is for " only permission is northern Capital ", the then configuration rule for being generated according to the configuration information are the access request for filtering out the user that IP address is non-Beijing area; When in step 101, the input of configuration side both inclusively only allows the configuration information that the user of Beijing area accesses in configuration of territory item, It is 10 times/second comprising the highest frequency for allowing in access frequency configuration item unique user to access again, then the configuration rule for generating is, After the access request for filtering out the user that IP address is non-Beijing area, access frequency is further filtered out more than 10 times/second User access request.
Step 103, configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, for Configuration Agent End is controlled to the access behavior of headend equipment according to configuration rule.
Configuration rule in step 102 is synchronized to the Configuration Agent end that run in each headend equipment, Configuration Agent end After configuration rule is obtained, the access behavior of headend equipment is controlled according to configuration rule.
For example, ask if the configuration rule in step 102 is the access for filtering out the user that access frequency is more than 10 times/second Ask, then by the regular and synchronized to Configuration Agent end, when headend equipment receives access request, the corresponding IP of parsing access request Address, counts the access frequency of IP address, whether judges the access frequency more than the visit frequency threshold value in Configuration Agent end, and Responded according to judged result or refuse the access request.
Optionally, before above-mentioned steps, Configuration Agent end can be monitored to the access behavior of headend equipment, work as monitoring When arriving the visit capacity of headend equipment beyond the visit capacity upper limit, send a notification message to configuration service end.Configuration service end is receiving Alarming processing is carried out according to the notification message to after notification message.Alarming processing is specifically as follows with page prompts or other promptings Method exceeds the alarm prompt of the visit capacity upper limit to configuration side's amount of conducting interviews, so that configuration side can be changed in real time to user The control strategy of access behavior.
According to the present invention access Behavior- Based control method, by receive configuration side configure the page on be input into confidence Breath, and configuration rule is generated according to configuration information, most configuration rule is synchronized to the configuration that run in end equipment in each of front at last Agent side, so that Configuration Agent end is controlled to the access behavior of headend equipment according to configuration rule.Using this programme, can make Configuration side only can need to change the control strategy to user access activity in configuration page operation in real time, and in control strategy more Without the need for restarting headend equipment again after changing, reduce the change cost of access Behavior- Based control and improve which and change efficiency;Meanwhile, Again as which is simple to operate flexibly, operate without the need for special operation maintenance personnel, so as to reduce personnel cost.
Fig. 2 shows the schematic flow sheet of the access Behavior- Based control method for providing according to a further embodiment of the invention.Such as Shown in Fig. 2, the method is comprised the following steps:
Step 201, receives the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page. Configuration item includes region configuration item.
In a kind of situation, region configuration item can directly present in the configuration page, or receive configuration Present after a certain assigned operation in side, such as present after a certain shortcut or a certain functional element of the configuration page is triggered.Match somebody with somebody The side of putting selects the one or more configuration items for needing configuration in the configuration item option for presenting, and is input into corresponding configuration information. As when configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed, and it is input into corresponding configuration information.Configuration Information can be region name or the code name for needing to limit, or need region name or code name of response etc..
In another kind of situation, region configuration item can not directly be presented in the configuration page, can be that basis is received The configuration information of configuration side's input judge which configuration item the fixed configuration information belongs to.For example, receive configuration side matching somebody with somebody It is " restriction Shanghai " to put the configuration information being input on the page, then judge which belongs to region configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before, Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, during live, the concurrent visit capacity of user is crossed conference and causes server overload, or even occurs delaying The phenomenon of machine, so need to change the control strategy to user access activity in real time.For example, the user for limiting certain areas visits Ask to ensure normal access of major area user etc..
To certain areas user access limit when, receive configuration side configure the page on be input into confidence Breath, to limit the access behavior of a part of user.For example, be limit District of Shanghai user access, receive configuration side in region The Shanghai being input in the limit entry of configuration item, then define and access the control strategy for being limited to Shanghai user.
Step 202, generates IP filtering rules according to configuration information.
Specifically, according to the configuration information in step 201, to needing configuration information to be processed to generate phase after processing The configuration rule that answers.To needing configuration information to be processed to be processed can be specifically:Keyword in identification configuration information, Such as " permission " and " Beijing " keyword in identification " allowing Beijing area to access ";It is to invalid information in configuration information that may also be Filter etc., such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan area class When other, then by this information filtering, and configuration side is fed back in modes such as promptings.After default generation program is according to process Configuration information generates IP filtering rules.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item, Program is generated according to the configuration rule being set then, the access request configuration for filtering out that IP address is District of Shanghai is directly generated Rule.
Step 203, Configuration Agent end update local IP blacklists and/or IP white lists according to IP filtering rules.
Wherein, the IP lists of each region are preserved at Configuration Agent end.If preventing the corresponding access of all IP in list Request, then the list is IP blacklists;If allowing the corresponding access request of all IP in list, the list is IP white lists.
Before configuration of territory item is not configured over the ground, locally stored IP blacklists are defaulted as sky, that is, allow allly The user in domain conducts interviews, and after configuration of territory item is configured over the ground, rule are filtered according to the IP in step 202 in Configuration Agent end Local IP blacklist and/or IP white list are then updated.For example, when the IP filtering rules in step 202 are to filter out IP address For the access request of District of Shanghai, then local IP blacklists are updated for all IP in District of Shanghai.
Step 204, when headend equipment receives access request, the corresponding IP address of parsing access request, by IP address Mated with the IP blacklists and/or IP white lists at Configuration Agent end, responded according to matching result or denied access please Ask.
When headend equipment receives access request, parse the corresponding IP address of the access request, and by the IP address with Locally stored IP blacklists and/or IP white lists after Configuration Agent end updates in step 203 is mated.If the IP address In local IP blacklists, then refuse the corresponding access request of the IP address;If the IP address is not in local IP blacklists Or in local IP white lists, then respond the corresponding access requests of the IP.
Optionally, before above-mentioned steps are executed, Configuration Agent end is monitored to the access behavior of headend equipment, works as monitoring When arriving the visit capacity of headend equipment beyond the visit capacity upper limit, send a notification message to configuration service end.Configuration service end is receiving To after notification message, alarming processing is carried out according to the notification message.
For example, during live, user's visit capacity needs to change when excessive in real time to user access activity Control strategy.For example, the user for limiting certain areas accesses to ensure the normal access of major area user.For ensureing configuration side In real time the control strategy of user access activity can be adjusted, access behavior of the Configuration Agent end to headend equipment can be passed through Be monitored, when the visit capacity of headend equipment being monitored beyond default access thresholds, send a notification message to configuration service end. Configuration service end after receiving the notifying message, carries out alarming processing according to the notification message, then by configuration side, basis should Alarm changes the control strategy of user access activity in real time.
According to the access Behavior- Based control method of the present invention, by receiving configuration side in the configuration of territory item input of Web page Shangdi Configuration information, and IP filtering rules are generated according to configuration information, Configuration Agent end updates local IP according to IP filtering rules Blacklist and/or IP white lists.When headend equipment receives access request, the corresponding IP address of parsing access request should IP address is mated with the IP blacklists and/or IP white lists at Configuration Agent end, is responded according to matching result or is refused The access request.Using this programme, using this programme, configuration side can be made only need to neatly to change IP by Web is operated in real time Control strategy, and the change cost of IP control strategies is reduced without the need for restarting headend equipment again after control strategy change And improve its change efficiency;Simultaneously as which is simple to operate flexibly, operate without the need for special operation maintenance personnel, so as to reduce people Member's cost;Again as IP lists are stored in Configuration Agent end, FEP need not load mass data on startup.
Fig. 3 shows the schematic flow sheet for accessing Behavior- Based control method according to another embodiment offer of the present invention.Such as Shown in Fig. 3, the method is comprised the following steps:
Step 301, receives the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page. Configuration item includes access frequency configuration item.
In a kind of situation, access frequency configuration item can directly present in the configuration page, or receive Present after a certain assigned operation in configuration side, such as after a certain shortcut or a certain functional element of the configuration page is triggered be in Existing.Configuration side selects the one or more configuration items for needing configuration in the configuration item option for presenting, and is input into corresponding configuration Information.In the page is assumed, access frequency configuration item is such as selected, and be input into corresponding configuration information.Configuration information can be to access Upper frequency limit value.
In another kind of situation, access frequency configuration item can not directly be presented in the configuration page, can be that basis connects The configuration information of the configuration side's input for receiving judges which configuration item the fixed configuration information belongs to.For example, receive configuration side to exist The configuration information being input on the configuration page is " access frequency maximum is 20 times/second ", then judge which belongs to access frequency and matches somebody with somebody Put item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before, Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, in online score inquiry website, the concurrent visit capacity of user is crossed conference and causes server overload, very To the phenomenon for the machine of delaying occur, so needing to change the control strategy to user access activity in real time, access frequency mistake is such as limited The access of high user.When implementing to user's access frequency control strategy, it is the access for limiting the too high user of access frequency, Configuration side corresponding configuration information of the access frequency configuration item that is input on the page is configured is received, if the configuration side of reception is matching somebody with somebody The access higher limit for putting access frequency configuration item input on the page is 50 times/second, then define to access frequency more than 50 times/second User the control strategy that limited of access.
Step 302, generates access frequency restriction rule according to configuration information.
Specifically, according to the configuration information in step 301, to needing configuration information to be processed to generate phase after processing The configuration rule that answers.To needing configuration information to be processed to be processed can be specifically:Keyword in identification configuration information, Such as " maximum " " access frequency ", " 50 time/second " keyword in identification " largest access frequency is 50 times/second ";Alternatively to matching somebody with somebody In confidence breath, invalid information is filtered etc., and such as the configuration information of input is " largest access frequency is -2 times/seconds ", then believe this Breath is filtered, and feeds back to configuration side in modes such as promptings.Eventually through default generation program according to process after configuration information Generate access frequency restriction rule.
And to the configuration information without the need for processing, such as configuration side is in largest access frequency item in selection access frequency configuration item Input " 50 time/second ", then generate program according to the configuration rule being set, directly generates and filters out access frequency more than 50 The configuration rule of the access request of secondary/second.
Step 303, Configuration Agent end update local visit frequency threshold value according to access frequency restriction rule.
Configuration Agent end updates locally stored visit frequency threshold value according to the access frequency restriction rule in step 302. For example, originally locally stored visit frequency threshold value is sky, when in step 303, access frequency restriction rule is restriction access frequency Higher than the access request of 50 times/second, then it is 50 times/second that Configuration Agent end updates local visit frequency threshold value.
Step 304, when headend equipment receives access request, the corresponding IP address of parsing access request, statistics IP ground The access frequency of location, judges whether the access frequency of IP address is more than or equal to the visit frequency threshold value at Configuration Agent end, If so, then refuse the access request;If it is not, then responding the access request.
When headend equipment receives access request, the corresponding IP address of parsing access request, and count the IP address Access frequency.Locally stored visit frequency threshold value relatively in the access frequency and step 304 of the IP address of statistics, if statistics IP address access frequency more than local visit frequency threshold value, then refuse the access request;If the visit of the IP address of statistics Ask that frequency less than or equal to local visit frequency threshold value, then responds the access request.
Optionally, before above-mentioned steps are executed, Configuration Agent end is monitored to the access behavior of headend equipment, works as monitoring When arriving the visit capacity of headend equipment beyond the visit capacity upper limit, send a notification message to configuration service end.Configuration service end is receiving To after notification message, alarming processing is carried out according to the notification message.
For example, need to change the control strategy to user access activity in real time when user's visit capacity is excessive.For Ensure that configuration can be adjusted to the control strategy of user access activity in real time, Configuration Agent end can be passed through to headend equipment Access behavior be monitored, when the visit capacity of headend equipment is monitored beyond default access thresholds, send out to configuration service end Send notification message.Configuration service end after receiving the notifying message, carries out alarming processing according to the notification message, then configuration side The control strategy of user access activity can be changed according to the alarm in real time.
According to the access Behavior- Based control method of the present invention, frequency configuration item is accessed in Web page by receiving configuration side The configuration information of input, and access frequency restriction rule is generated according to configuration information, Configuration Agent end is limited according to access frequency The local visit frequency threshold value of Policy Updates.When headend equipment receives access request, the corresponding IP ground of parsing access request Location, counts the access frequency of the IP address, compares the access frequency and local visit frequency threshold value of the IP address, and according to than Relatively result is responded or refuses the access request.Using this programme, configuration side can be made only need to neatly to change by Web is operated in real time Become access frequency control strategy, and access frequency control is reduced without the need for restarting headend equipment again after control strategy change Make the change cost of strategy and improve which and change efficiency;Simultaneously as which is simple to operate flexibly, grasp without the need for special operation maintenance personnel Make, so as to reduce personnel cost;Again as visit frequency threshold value is stored in Configuration Agent end, thus FEP on startup without Mass data need to be loaded.
Above-mentioned two embodiment is that configuration item is region configuration item and the access Behavior- Based control method of access frequency configuration item, However, it will be understood by those skilled in the art that configuration item in the present invention not only inclusively configuration of territory item and access frequency configuration item, also Comprising other configurations item, such as level of security configuration item etc..So that configuration item is comprising level of security configuration as an example, then access Behavior- Based control Method is specially:After the corresponding configuration information of the level of security configuration item that selects on configuration interface of configuration side is received, for example, The configuration information can be the configuration information of the low access behavior of refusal level of security.Level of security is generated according to the configuration information Control rule.The level of security control rule can be the visit for limiting safety detection control A to access environment scoring less than 60 points Ask request;Allow access requests of the safety detection control A to access environment scoring more than or equal to 60 points.And by the configuration rule The Configuration Agent end that run in end equipment in each of front is synchronized to, Configuration Agent end can update local peace according to configuration rule Full level threshold is 60 points.When headend equipment receives access request, scored for access environment by safe control A, If scoring responds the access request more than or equal to 60 points;Otherwise, refuse the access request.
Fig. 4 shows the illustrative view of functional configuration of the access Behavior- Based control device provided according to one embodiment of the invention. As shown in figure 4, the device includes:Configuration service end and multiple Configuration Agent ends;
Wherein, the configuration service end includes:Receiver module 41, generation module 42, synchronization module 43;The Configuration Agent end bag Include control module 44.
Receiver module 41, is suitable to receive the configuration information that configuration side is input on the configuration page.
Wherein, the configuration page can be Web page.Containing multiple configuration items for being available for the side of configuration to select in the configuration page. Configuration item includes region configuration item, access frequency configuration item or other configurations item.The configuration item that configuration item can be carried for system Or the configuration item of configuration root self-defined setting according to practical application.Configuration can carry out additions and deletions to configuration item.
In a kind of situation, configuration item directly can present in the configuration page, or receive configuration side certain Present after one assigned operation, such as present after a certain shortcut or a certain functional element of the configuration page is triggered.Configuration side The one or more configuration items for needing configuration are selected in the configuration item option for presenting, and are input into corresponding configuration information.As needed When configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed, and it is input into corresponding configuration information.Match somebody with somebody confidence Breath can be region name or the code name for needing to limit, or need region name or code name of response etc..
In another kind of situation, configuration item can not directly be presented in the configuration page, can be according to matching somebody with somebody for receiving The configuration information of the side's of putting input judges which configuration item the fixed configuration information belongs to.For example, configuration side is received in configuration page The configuration information being input on face is " it is 10 times/second to limit the Shanghai access frequency upper limit ", then judge its belong to region configuration item with The combination of access frequency configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before, Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, certain online education website series video that live high examination paper is answerred questions after college entrance examination, wherein, series is regarded Frequency division is Beijing volume, Shanghai volume, a roll of, national volume two of whole nation etc..When user's visit capacity is excessive, it is the normal of guarantee server Operation, configuration can be input into configuration information on the configuration page, to be used for the access behavior for controlling user.For example, live During the volume video of Beijing, configuration can in the configuration page selectively configuration of territory item, and only defeated in the permission item of region configuration item Enter Beijing, when live video switches to the national video of volume two by Beijing volume video, configuration can be input in above-mentioned permission item Henan, Shandong etc. are using national volume two of area.Again due to using national volume two of province more, configuration side also can be in configuration page Access frequency configuration item is selected in face, and is input into the highest frequency that unique user allows to access.
Generation module 42, is suitable to generate configuration rule according to configuration information.
Specifically, according to the configuration information in receiver module 41, to needing configuration information to be processed raw after processing Into corresponding configuration rule.To needing configuration information to be processed to be processed can be specifically:Pass in identification configuration information " permission " and " Beijing " keyword in key word, such as identification " allowing Beijing area to access ";It is to nothing in configuration information that may also be Effect information is filtered etc., and such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan During regional classification, then by this information filtering, and configuration side is fed back in modes such as promptings;Or other processing modes.Pass through Default generation program according to process after configuration information generate corresponding configuration rule.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item, Program is generated according to the configuration rule being set then, configuration rule is directly generated.
For example, configuration rule can be:When the configuration information of configuration side's input in receiver module 41 is for " only permission is northern Capital ", the then configuration rule for being generated according to the configuration information are the access request for filtering out the user that IP address is non-Beijing area; When in receiver module 41 input of configuration side both inclusively only allow that the user of Beijing area accesses in configuration of territory item with confidence Breath, but comprising in access frequency configuration item allow unique user access highest frequency be 10 times/second, then the configuration rule for generating For, after the access request for filtering out the user that IP address is non-Beijing area, further filter out access frequency more than 10 times/ The access request of the user of second.
Synchronization module 43, is suitable to configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front.
Configuration rule in generation module 42 is synchronized to the Configuration Agent end that run in end equipment in each of front.Citing comes Say, if the configuration rule in generation module 42 is the access request for filtering out access frequency more than the user of 10 times/second, should Regular and synchronized is to Configuration Agent end.
Control module 44, is suitable to be controlled the access behavior of headend equipment according to configuration rule.
After configuration rule to be synchronized to synchronization module 43 the Configuration Agent end that run in end equipment in each of front, according to this Configuration rule is controlled to the access behavior of headend equipment.For example, if to will filter out access frequency big for synchronization module 43 After the configuration rule of the access request of the user of 10 times/second is synchronized to Configuration Agent end, ask when headend equipment receives access Whether, when asking, the corresponding IP address of parsing access request counts the access frequency of IP address, judge the access frequency more than configuration Visit frequency threshold value in agent side, and responded according to judged result or refuse the access request.
According to the access Behavior- Based control device of the present invention, the input on the configuration page of configuration side is received by receiver module Configuration information, and configuration rule is generated according to configuration information by generation module, and pass through synchronization module by configuration rule synchronization To the Configuration Agent end that runs in end equipment in each of front, the visit eventually through control module according to configuration rule to headend equipment The behavior of asking is controlled.Using this programme, configuration side can be made only need to change by configuration page operation in real time user is visited The control strategy of behavior is asked, and access Behavior- Based control is reduced without the need for restarting headend equipment again after control strategy change Change cost and improve its change efficiency;Meanwhile, and as which is simple to operate flexibly, operate without the need for special operation maintenance personnel, So as to reduce personnel cost.
Fig. 5 shows that the functional structure of the access Behavior- Based control device for providing according to a further embodiment of the invention is illustrated Figure.
As shown in figure 5, on the basis of Fig. 4 shown devices, the access Behavior- Based control device also includes:Configuration Agent end Monitoring module 51, the alarm module 52 at configuration service end.
Monitoring module 51, is suitable to be monitored the access behavior of headend equipment;When the visit capacity for monitoring headend equipment During beyond the visit capacity upper limit, send a notification message to configuration service end.
For example, during live, user's visit capacity needs to change when excessive in real time to user access activity Control strategy.For example, the user for limiting certain areas accesses to ensure the normal access of major area user.For ensureing configuration side In real time the control strategy of user access activity can be adjusted, access behavior of the Configuration Agent end to headend equipment can be passed through Be monitored, when the visit capacity of headend equipment being monitored beyond default access thresholds, send a notification message to alarm module 52.
Alarm module 52, is suitable to carry out alarming processing according to notification message.
After the notification message for receiving the transmission of monitoring module 51, alarming processing is carried out according to the notification message.Alert process The alarm prompt for exceeding the visit capacity upper limit with page prompts or other reminding methods to configuration side's amount of conducting interviews is specifically as follows, So that configuration side can change the control strategy to user access activity in real time.
When configuration item inclusively configuration of territory item:
Receiver module 41 is further adapted for:Selected region configuration item is corresponding matches somebody with somebody on the page is configured to receive configuration side Confidence ceases.
Configuration item inclusively configuration of territory item when, in a kind of situation, region configuration item can configuration the page in be in directly Existing, or presentation after a certain assigned operation in configuration side is received, is such as triggering a certain shortcut or the configuration page Present after a certain functional element.Configuration side selects the one or more configurations for needing configuration in the configuration item option for presenting , and it is input into corresponding configuration information.As when configuration of territory item is configured over the ground, selectively configuration of territory item in the page is assumed, And it is input into corresponding configuration information.Region name or code name that configuration information can be limited for needs, or the region for needing response Title or code name etc..
In another kind of situation, region configuration item can not directly be presented in the configuration page, can be that basis is received The configuration information of configuration side's input judge which configuration item the fixed configuration information belongs to.For example, receive configuration side matching somebody with somebody It is " restriction Shanghai " to put the configuration information being input on the page, then judge which belongs to region configuration item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before, Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, during live, the concurrent visit capacity of user is crossed conference and causes server overload, or even occurs delaying The phenomenon of machine, so need to change the control strategy to user access activity in real time.For example, the user for limiting certain areas visits Ask to ensure normal access of major area user etc..
To certain areas user access limit when, receive configuration side configure the page on be input into confidence Breath, to limit the access behavior of a part of user.For example, be limit District of Shanghai user access, receive configuration side in region The Shanghai being input in the limit entry of configuration item, then define and access the control strategy for being limited to Shanghai user.
Generation module 42 is further adapted for:IP filtering rules are generated according to configuration information.
Specifically, according to the configuration information in receiver module 41, to needing configuration information to be processed raw after processing Into corresponding configuration rule.To needing configuration information to be processed to be processed can be specifically:Pass in identification configuration information " permission " and " Beijing " keyword in key word, such as identification " allowing Beijing area to access ";It is to nothing in configuration information that may also be Effect information is filtered etc., and such as the configuration information of input is " allowing Beijing, Meishan area to conduct interviews ", when in system without Meishan During regional classification, then by this information filtering, and configuration side is fed back in modes such as promptings.By default generation program according to place Configuration information after reason generates IP filtering rules.
And to the configuration information without the need for processing, such as configuration side is input into " Shanghai " in limit entry in selectively configuration of territory item, Program is generated according to the configuration rule being set then, the access request configuration for filtering out that IP address is District of Shanghai is directly generated Rule.
Control module 44 is further adapted for:Local IP blacklists and/or IP white lists are updated according to IP filtering rules;When When headend equipment receives access request, the corresponding IP address of parsing access request, by IP address and Configuration Agent end IP blacklists and/or IP white lists are mated, and responded according to matching result or refusal states access request.
Wherein, the IP lists of each region are preserved at Configuration Agent end.If preventing the corresponding access of all IP in list Request, then the list is IP blacklists;If allowing the corresponding access request of all IP in list, the list is IP white lists.
Before configuration of territory item is not configured over the ground, locally stored IP blacklists are defaulted as sky, that is, allow allly The user in domain conducts interviews, and after configuration of territory item is configured over the ground, updates local IP blacklists according to IP filtering rules And/or IP white lists.For example, when the IP filtering rules in generation module 42 are to filter out the access that IP address is District of Shanghai to ask Ask, then local IP blacklists are updated for all IP in District of Shanghai.
When headend equipment receives access request, parse the corresponding IP address of the access request, and by the IP address with Locally stored IP blacklists and/or IP white lists after renewal is mated.If the IP address is in local IP blacklists, Then refuse the corresponding access request of the IP address;If the IP address is not in local IP blacklists or in local IP white lists In, then respond the corresponding access requests of the IP.
When configuration item includes access frequency configuration item:
Receiver module 41 is further adapted for:Receive configuration side's selected access frequency configuration item on the configuration page corresponding Configuration information.
Configuration item includes access frequency configuration item.In a kind of situation, access frequency configuration item can be in the configuration page Directly present, or present after a certain assigned operation in configuration side is received, such as triggering a certain shortcut or matching somebody with somebody Present after putting a certain functional element of the page.Configuration side selects to need the one or more of configuration in the configuration item option for presenting Configuration item, and it is input into corresponding configuration information.In the page is assumed, access frequency configuration item is such as selected, and be input into corresponding configuration Information.Configuration information can be access frequency higher limit.
In another kind of situation, access frequency configuration item can not directly be presented in the configuration page, can be that basis connects The configuration information of the configuration side's input for receiving judges which configuration item the fixed configuration information belongs to.For example, receive configuration side to exist The configuration information being input on the configuration page is " access frequency maximum is 20 times/second ", then judge which belongs to access frequency and matches somebody with somebody Put item.
Optionally, be guarantee system safety, receive configuration side configure the page on input configuration information before, Authentication need to be carried out to configuration side, when authentication is by the executable subsequent step in rear.
For example, in online score inquiry website, the concurrent visit capacity of user is crossed conference and causes server overload, very To the phenomenon for the machine of delaying occur, so needing to change the control strategy to user access activity in real time, access frequency mistake is such as limited The access of high user.When implementing to user's access frequency control strategy, it is the access for limiting the too high user of access frequency, Configuration side corresponding configuration information of the access frequency configuration item that is input on the page is configured is received, if the configuration side of reception is matching somebody with somebody The access higher limit for putting access frequency configuration item input on the page is 50 times/second, then define to access frequency more than 50 times/second User the control strategy that limited of access.
Generation module 42 is further adapted for:Access frequency restriction rule is generated according to configuration information.
Specifically, according to the configuration information in receiver module 41, to needing configuration information to be processed raw after processing Into corresponding configuration rule.To needing configuration information to be processed to be processed can be specifically:Pass in identification configuration information " maximum " " access frequency ", " 50 time/second " keyword in key word, such as identification " largest access frequency is 50 times/second ";Alternatively Invalid information in configuration information is filtered etc., such as the configuration information of input is " largest access frequency is -2 times/seconds ", then will This information filtering, and configuration side is fed back in modes such as promptings.Eventually through default generation program according to process after configuration Information generates IP filtering rules.
And to the configuration information without the need for processing, such as configuration side is in largest access frequency item in selection access frequency configuration item Input " 50 time/second ", then generate program according to the configuration rule being set, directly generates and filters out access frequency more than 50 The configuration rule of the access request of secondary/second.
Control module 44 is further adapted for:Local visit frequency threshold value is updated according to access frequency restriction rule;Currently When end equipment receives access request, the corresponding IP address of parsing access request counts the access frequency of IP address, judges IP ground Whether the access frequency of location is more than or equal to the visit frequency threshold value at Configuration Agent end, if so, then refuses the access request.
According to the access frequency restriction rule in generation module 42, locally stored visit frequency threshold value is updated.For example, former First locally stored visit frequency threshold value is sky, when access frequency restriction rule is to limit the visit that access frequency is higher than 50 times/second Request is asked, then local visit frequency threshold value is updated for 50 times/second.
When headend equipment receives access request, the corresponding IP address of parsing access request, and count the IP address Access frequency.Locally stored visit frequency threshold value relatively in the access frequency and step 304 of the IP address of statistics, if statistics IP address access frequency more than local visit frequency threshold value, then refuse the access request;If the visit of the IP address of statistics Ask that frequency less than or equal to local visit frequency threshold value, then responds the access request.
According to the access Behavior- Based control device of the present invention, configuration side can be made only need to neatly to change by Web is operated in real time Become IP control strategies and access frequency strategy, and IP is reduced without the need for restarting headend equipment again after control strategy change The change cost of control strategy and access frequency strategy and improve its change efficiency;Simultaneously as which is simple to operate flexibly, need not Special operation maintenance personnel operation, so that reduce personnel cost;Again as IP lists and visit frequency threshold value are stored in configuration generation Reason end, FEP need not load mass data on startup.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together based on teaching in this.As described above, construct required by this kind of system Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use various Programming language realizes the content of invention described herein, and the above description done by language-specific is to disclose this Bright preferred forms.
In description mentioned herein, a large amount of details are illustrated.It is to be appreciated, however, that the enforcement of the present invention Example can be put into practice in the case where not having these details.In some instances, known method, structure are not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure helping understand one or more in each inventive aspect, Above in the description to the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes In example, figure or descriptions thereof.However, should not be construed to reflect following intention by the method for the disclosure:I.e. required guarantor The more features of feature that the application claims ratio of shield is expressly recited in each claim.More precisely, such as following Claims reflected as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as the separate embodiments of the present invention.
Those skilled in the art be appreciated that can to embodiment in equipment in module carry out adaptively Change and they are arranged in one or more equipment different from the embodiment.Can be the module in embodiment or list Unit or component are combined into a module or unit or component, and can be divided in addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit is excluded each other, can adopt any Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so to appoint Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (includes adjoint power Profit is required, summary and accompanying drawing) disclosed in each feature can identical by offers, be equal to or the alternative features of similar purpose carry out generation Replace.
Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In some included features rather than further feature, but the combination of the feature of different embodiments means in of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint One of meaning can in any combination mode using.
The present invention all parts embodiment can be realized with hardware, or with one or more processor operation Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) are realizing according to embodiments of the present invention access in Behavior- Based control device one The some or all functions of a little or whole parts.The present invention is also implemented as executing method as described herein Some or all equipment or program of device (for example, computer program and computer program).Such realization The program of the present invention can be stored on a computer-readable medium, or can have the form of one or more signal.This The signal of sample can be downloaded from internet website and be obtained, or provide on carrier signal, or be carried with any other form For.
It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference markss being located between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not Element listed in the claims or step.Word "a" or "an" before being located at element does not exclude the presence of multiple such Element.The present invention can come real by means of the hardware for including some different elements and by means of properly programmed computer Existing.If in the unit claim for listing equipment for drying, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and be run after fame Claim.

Claims (10)

1. one kind accesses Behavior- Based control method, including:
Receive the configuration information that configuration side is input on the configuration page;
Configuration rule is generated according to the configuration information;
The configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front, for Configuration Agent end root The access behavior of headend equipment is controlled according to the configuration rule.
2. method according to claim 1, wherein, the configuration page is Web page, and the configuration page is provided with many The individual configuration item for being available for the side of configuration to select.
3. method according to claim 2, wherein, the configuration item includes:Region configuration item;
The configuration side's configuration information of input on the configuration page that receives is further included:Reception configuration side is on the configuration page The corresponding configuration information of selected region configuration item;
Described according to configuration information generate configuration rule further include:IP filtering rules are generated according to configuration information;
The Configuration Agent end is controlled to the access behavior of headend equipment according to the configuration rule and further includes:
Configuration Agent end updates local IP blacklists and/or IP white lists according to the IP filtering rules;
When headend equipment receives access request, the corresponding IP address of parsing access request, by the IP address and configuration generation The IP blacklists and/or IP white lists at reason end is mated, and is responded according to matching result or is refused the access request.
4. method according to claim 2, wherein, the configuration item includes:Access frequency configuration item;
The configuration side's configuration information of input on the configuration page that receives is further included:Reception configuration side is on the configuration page The corresponding configuration information of selected access frequency configuration item;
Described according to configuration information generate configuration rule further include:Access frequency restriction rule is generated according to configuration information;
The Configuration Agent end is controlled to the access behavior of headend equipment according to the configuration rule and further includes:
Configuration Agent end updates local visit frequency threshold value according to the access frequency restriction rule;
When headend equipment receives access request, the corresponding IP address of parsing access request counts the access of the IP address Frequency, judges whether the access frequency of the IP address is more than the visit frequency threshold value at Configuration Agent end, if so, then refuses The access request.
5. the method according to any one of claim 1-4, also includes:
The Configuration Agent end is monitored to the access behavior of headend equipment;
When the visit capacity for monitoring headend equipment exceeds the visit capacity upper limit, send a notification message to configuration service end;
The configuration service end carries out alarming processing according to the notification message.
6. one kind accesses Behavior- Based control device, including:Configuration service end and multiple Configuration Agent ends;
The configuration service end includes:
Receiver module, is suitable to receive the configuration information that configuration side is input on the configuration page;
Generation module, is suitable to generate configuration rule according to the configuration information;
Synchronization module, is suitable to the configuration rule is synchronized to the Configuration Agent end that run in end equipment in each of front;
The Configuration Agent end includes:
Control module, is suitable to be controlled the access behavior of headend equipment according to the configuration rule.
7. device according to claim 6, wherein, the configuration page is Web page, and the configuration page is provided with many The individual configuration item for being available for the side of configuration to select.
8. device according to claim 7, wherein, the configuration item includes:Region configuration item;
The receiver module is further adapted for:Receive the corresponding configuration of selected region configuration item on the page is configured of configuration side Information;
The generation module is further adapted for:IP filtering rules are generated according to configuration information;
The control module is further adapted for:Local IP blacklists and/or IP white lists are updated according to the IP filtering rules; When headend equipment receives access request, the corresponding IP address of parsing access request, by the IP address and Configuration Agent end Local IP blacklists and/or IP white lists are mated, and are responded according to matching result or are refused the access request.
9. device according to claim 7, wherein, the configuration item includes:Access frequency configuration item;
The receiver module is further adapted for:Receive configuration side's selected access frequency configuration item on the configuration page corresponding Configuration information;
The generation module is further adapted for:Access frequency restriction rule is generated according to configuration information;
The control module is further adapted for:Local visit frequency threshold value is updated according to the access frequency restriction rule;When When headend equipment receives access request, the corresponding IP address of parsing access request counts the access frequency of the IP address, sentences Whether the access frequency of the IP address of breaking is more than or equal to the visit frequency threshold value at Configuration Agent end, if so, then refuses The access request.
10. the device according to any one of claim 1-4, wherein, the Configuration Agent end also includes:Monitoring module, It is suitable to be monitored the access behavior of headend equipment;When the visit capacity for monitoring headend equipment exceeds the visit capacity upper limit, to Configuration service end sends a notification message;
The configuration service end also includes:Alarm module, is suitable to carry out alarming processing according to the notification message.
CN201611248960.5A 2016-12-29 2016-12-29 Access behavior control method and device Active CN106506559B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611248960.5A CN106506559B (en) 2016-12-29 2016-12-29 Access behavior control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611248960.5A CN106506559B (en) 2016-12-29 2016-12-29 Access behavior control method and device

Publications (2)

Publication Number Publication Date
CN106506559A true CN106506559A (en) 2017-03-15
CN106506559B CN106506559B (en) 2020-02-18

Family

ID=58334768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611248960.5A Active CN106506559B (en) 2016-12-29 2016-12-29 Access behavior control method and device

Country Status (1)

Country Link
CN (1) CN106506559B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108173714A (en) * 2017-12-27 2018-06-15 北京奇艺世纪科技有限公司 Detection method, detection device and the electronic equipment of public outlet IP address
CN108900543A (en) * 2018-08-13 2018-11-27 郑州云海信息技术有限公司 The method and apparatus of managing firewall rule
CN109034942A (en) * 2018-06-14 2018-12-18 安徽鼎龙网络传媒有限公司 A kind of server cloud expansion system in micro- scene management backstage wechat store
CN109388655A (en) * 2017-08-07 2019-02-26 北京京东尚科信息技术有限公司 A kind of method and apparatus of dynamic control of data access
CN109901923A (en) * 2017-12-07 2019-06-18 财付通支付科技有限公司 A kind of frequency limit method, frequency limit device and readable storage medium storing program for executing
CN110134864A (en) * 2019-04-25 2019-08-16 上海淇毓信息科技有限公司 A kind of request filter method based on DSP party in request platform, device, system
CN110933068A (en) * 2019-11-26 2020-03-27 秒针信息技术有限公司 Black and white list real-time optimization method and device, server and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1384639A (en) * 2002-06-11 2002-12-11 华中科技大学 Distributed dynamic network security protecting system
US20080052381A1 (en) * 2006-08-22 2008-02-28 Koon Wah Yu Method and system for selecting a transcoder to convert between content types
CN101562610A (en) * 2009-05-27 2009-10-21 上海交通大学 Network access control method capable of customizing inspection items
CN104298686A (en) * 2013-07-18 2015-01-21 深圳市腾讯计算机系统有限公司 Method and device for modifying server configuration file
CN104468226A (en) * 2014-12-18 2015-03-25 山东中创软件工程股份有限公司 Nginx configuration method and device
CN105162793A (en) * 2015-09-23 2015-12-16 上海云盾信息技术有限公司 Method and apparatus for defending against network attacks
CN105338017A (en) * 2014-06-30 2016-02-17 北京新媒传信科技有限公司 WEB defense method and system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1384639A (en) * 2002-06-11 2002-12-11 华中科技大学 Distributed dynamic network security protecting system
US20080052381A1 (en) * 2006-08-22 2008-02-28 Koon Wah Yu Method and system for selecting a transcoder to convert between content types
CN101562610A (en) * 2009-05-27 2009-10-21 上海交通大学 Network access control method capable of customizing inspection items
CN104298686A (en) * 2013-07-18 2015-01-21 深圳市腾讯计算机系统有限公司 Method and device for modifying server configuration file
CN105338017A (en) * 2014-06-30 2016-02-17 北京新媒传信科技有限公司 WEB defense method and system
CN104468226A (en) * 2014-12-18 2015-03-25 山东中创软件工程股份有限公司 Nginx configuration method and device
CN105162793A (en) * 2015-09-23 2015-12-16 上海云盾信息技术有限公司 Method and apparatus for defending against network attacks

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109388655A (en) * 2017-08-07 2019-02-26 北京京东尚科信息技术有限公司 A kind of method and apparatus of dynamic control of data access
CN109901923A (en) * 2017-12-07 2019-06-18 财付通支付科技有限公司 A kind of frequency limit method, frequency limit device and readable storage medium storing program for executing
CN109901923B (en) * 2017-12-07 2022-10-21 财付通支付科技有限公司 Frequency limiting method, frequency limiting device and readable storage medium
CN108173714A (en) * 2017-12-27 2018-06-15 北京奇艺世纪科技有限公司 Detection method, detection device and the electronic equipment of public outlet IP address
CN109034942A (en) * 2018-06-14 2018-12-18 安徽鼎龙网络传媒有限公司 A kind of server cloud expansion system in micro- scene management backstage wechat store
CN108900543A (en) * 2018-08-13 2018-11-27 郑州云海信息技术有限公司 The method and apparatus of managing firewall rule
CN110134864A (en) * 2019-04-25 2019-08-16 上海淇毓信息科技有限公司 A kind of request filter method based on DSP party in request platform, device, system
CN110134864B (en) * 2019-04-25 2023-09-05 上海淇毓信息科技有限公司 Request filtering method, device and system based on DSP (digital Signal processor) demand side platform
CN110933068A (en) * 2019-11-26 2020-03-27 秒针信息技术有限公司 Black and white list real-time optimization method and device, server and storage medium
CN110933068B (en) * 2019-11-26 2022-03-01 秒针信息技术有限公司 Black and white list real-time optimization method and device, server and storage medium

Also Published As

Publication number Publication date
CN106506559B (en) 2020-02-18

Similar Documents

Publication Publication Date Title
CN106506559A (en) Access Behavior- Based control method and device
US11418486B2 (en) Method and system for controlling internet browsing user security
CN109688097B (en) Website protection method, website protection device, website protection equipment and storage medium
CN103957201B (en) Domain-name information processing method based on DNS, apparatus and system
US9565145B2 (en) Information sharing management on an instant messaging platform
US9781133B2 (en) Automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications
CN101674293B (en) Method and system for processing abnormal request in distributed application
WO2016209355A1 (en) Managing unwanted tracking on a device
CN107465648A (en) The recognition methods of warping apparatus and device
CN102231745A (en) Safety system and method for network application
CN105939326A (en) Message processing method and device
CN109313676B (en) IP address access based on security level and access history
CN101931646A (en) Internet brows management method, system and terminal
CN102227113B (en) System and method for realizing filtering communication message
CN106503155B (en) User change control method and system
CN110166436A (en) The mimicry Web gateway system and method for dynamic dispatching are carried out using random selection
CN106789486B (en) Method and device for detecting shared access, electronic equipment and computer readable storage medium
KR101823421B1 (en) Apparatus and method for securiting network based on whithlist
EP3348024B1 (en) Content policy discovery
CN106254312B (en) method and device for achieving server attack prevention through virtual machine heterogeneous
TW201928750A (en) Collation server, collation method, and computer program
CN109474601A (en) A kind of scanning class attack method of disposal of Behavior-based control identification
CN117014232B (en) Defending method, device, equipment and medium for denial of service attack
CN114244575A (en) Automatic route hijacking blocking method and device
CN103685318B (en) Data processing method and device for network safety prevention

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant