CN106713318A - WEB site security protection method and system - Google Patents


Publication number
CN106713318A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611202994.0A
Other languages
Chinese (zh)
Other versions
CN106713318B (en)
Inventor
江志炎
陈融圣
曾忠诚
李壮相
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xindong Network Technology Co Ltd
Original Assignee
Xindong Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xindong Network Technology Co Ltd
Priority to CN202010304157.9A (CN111541674A)
Priority to CN202010303797.8A (CN111541673A)
Priority to CN201611202994.0A (CN106713318B)
Priority to CN202010303787.4A (CN111541672A)
Publication of CN106713318A
Application granted
Publication of CN106713318B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention relates to a WEB site security protection method and system. The WEB site security protection method comprises the steps of acquiring an IP address of a client sending an HTTP request; searching the IP address in a preset IP black list and a preset IP white list, and acquiring a first search result; when the first search result is that the IP address is not found, extracting a file extension name in the HTTP request, and acquiring a resource type requested by the HTTP request; when the resource type is a non-static file, extracting a URI in the HTTP request; searching the URI in a preset URI white list, and acquiring a second search result; when the second search result is that the URI is not found, recognizing whether the HTTP request contains a preset feature code or not; if so, matching the HTTP request with a preset security rule, if the HTTP request is successfully matched with the preset security rule, sending a resource requested by the HTTP request to a client; and if not, intercepting the HTTP request. The efficiency of detecting the security of an HTTP request is improved.

Description

A WEB site security protection method and system
Technical Field
The present invention relates to the field of information security, and in particular to a WEB site security protection method and system.
Background
Existing WEB site security protection products mainly use hardware firewalls or application firewalls based on Apache, IIS and the like, and handle website security filtering through standalone devices and proxy technology. However, hardware application firewalls are costly, and software application firewalls based on Apache, IIS and the like also add extra server cost.
Summary of the Invention
The technical problem to be solved by the present invention is to provide a WEB site security protection method and system that improve the efficiency of checking the security of HTTP requests.
To solve the above technical problem, the present invention adopts the following technical solution:
The present invention provides a WEB site security protection method, comprising:
Obtaining the IP address of the client that sends an HTTP request;
Searching for the IP address in a preset IP blacklist and a preset IP whitelist to obtain a first search result;
When the first search result is that the IP address is not found, extracting the file extension in the HTTP request to obtain the resource type requested by the HTTP request;
When the resource type is a non-static file, extracting the URI in the HTTP request;
Searching for the URI in a preset URI whitelist to obtain a second search result;
When the second search result is that the URI is not found, identifying whether the HTTP request contains a preset feature code; if so, matching the HTTP request against preset security rules to obtain a matching result;
If the matching result is a successful match, intercepting the HTTP request; otherwise, sending the resource requested by the HTTP request to the client.
The present invention also provides a WEB site security protection system, comprising:
A first acquisition module, for obtaining the IP address of the client that sends an HTTP request;
A first search module, for searching for the IP address in a preset IP blacklist and a preset IP whitelist to obtain a first search result;
A first extraction module, for extracting the file extension in the HTTP request when the first search result is that the IP address is not found, to obtain the resource type requested by the HTTP request;
A second extraction module, for extracting the URI in the HTTP request when the resource type is a non-static file;
A second search module, for searching for the URI in a preset URI whitelist to obtain a second search result;
A matching module, for identifying whether the HTTP request contains a preset feature code when the second search result is that the URI is not found; if so, matching the HTTP request against preset security rules to obtain a matching result; if the matching result is a successful match, intercepting the HTTP request; otherwise, sending the resource requested by the HTTP request to the client.
The beneficial effects of the present invention are as follows. The present invention uses a preset IP blacklist and IP whitelist to check the security of the IP address of the client that sends the HTTP request. If the IP address is in neither the IP blacklist nor the IP whitelist, it further determines whether the resource requested by the HTTP request is a static file such as CSS or an image; if so, the static file resource is returned directly to the client; otherwise it further determines whether the URI requested by the HTTP request is a resource that the preset URI whitelist marks as carrying no security risk, such as the home page or the verification code page. The IP blacklist mainly rejects clients that send illegal requests over a long period or in large volume, while the IP whitelist serves service communication between servers that trust each other (such service communication generally has its own security checks), so that detection is skipped to improve processing efficiency. If the security of the HTTP request cannot be determined by the above steps, the method further identifies whether the HTTP request contains a preset feature code, and if it does, performs security detection according to the preset security rules. The feature code is a feature of the resource to be security-checked; for example, to detect script files, the feature code can be set to "<script>". Each security rule corresponds to one feature code, and only when the HTTP request contains the matching feature code is the detailed rule list in the security rule used for security detection, which improves the efficiency of checking the security of HTTP requests.
Brief Description of the Drawings
Fig. 1 is a flow diagram of a specific embodiment of the WEB site security protection method provided by the present invention;
Fig. 2 is a structural block diagram of a specific embodiment of the WEB site security protection system provided by the present invention;
Reference numerals:
1. first acquisition module; 2. first search module; 3. first extraction module; 4. second extraction module; 5. second search module; 6. matching module.
Detailed Description
To describe the technical content, objects and effects of the present invention in detail, the following explanation is given with reference to the embodiments and the accompanying drawings.
As shown in Fig. 1, the present invention provides a WEB site security protection method, comprising:
Obtaining the IP address of the client that sends an HTTP request;
Searching for the IP address in a preset IP blacklist and a preset IP whitelist to obtain a first search result;
When the first search result is that the IP address is not found, extracting the file extension in the HTTP request to obtain the resource type requested by the HTTP request;
When the resource type is a non-static file, extracting the URI in the HTTP request;
Searching for the URI in a preset URI whitelist to obtain a second search result;
When the second search result is that the URI is not found, identifying whether the HTTP request contains a preset feature code; if so, matching the HTTP request against preset security rules to obtain a matching result;
If the matching result is a successful match, intercepting the HTTP request; otherwise, sending the resource requested by the HTTP request to the client.
Further, matching the HTTP request against the preset security rules is specifically:
Obtaining the request parameter names in the HTTP request to obtain a first parameter name;
If the first parameter name is identical to a parameter name in a preset parameter-name blacklist, intercepting the HTTP request.
As can be seen from the above description, the request parameters in the HTTP request are filtered to confirm whether the client has submitted illegal parameters through POST or GET requests.
Further, matching the HTTP request against the preset security rules is specifically:
Obtaining from the HTTP request the browser type used by the client to obtain a first browser type;
If the first browser type does not match the preset browser type, intercepting the HTTP request.
As can be seen from the above description, browser type detection mainly covers two aspects: 1. restricting browser types that are illegal or not supported by the current application; 2. preventing the SQL injection vulnerabilities that arise when some applications store the browser type in a log table.
Further, the method also comprises:
Loading the IP blacklist, the IP whitelist, the URI whitelist and the security rules into memory.
As can be seen from the above description, this improves the efficiency of HTTP request security detection.
Further, the method also comprises:
Saving the intercepted HTTP request to form a log file.
As can be seen from the above description, the health of the current site can be assessed from the log file: clients that send illegal requests are counted, and the IP of a client that does so too frequently is placed on the blacklist for a period of time, reducing the number of transactions the server processes and improving system performance.
As shown in Fig. 2, the present invention also provides a WEB site security protection system, comprising:
A first acquisition module 1, for obtaining the IP address of the client that sends an HTTP request;
A first search module 2, for searching for the IP address in a preset IP blacklist and a preset IP whitelist to obtain a first search result;
A first extraction module 3, for extracting the file extension in the HTTP request when the first search result is that the IP address is not found, to obtain the resource type requested by the HTTP request;
A second extraction module 4, for extracting the URI in the HTTP request when the resource type is a non-static file;
A second search module 5, for searching for the URI in a preset URI whitelist to obtain a second search result;
A matching module 6, for identifying whether the HTTP request contains a preset feature code when the second search result is that the URI is not found; if so, matching the HTTP request against preset security rules to obtain a matching result; if the matching result is a successful match, intercepting the HTTP request; otherwise, sending the resource requested by the HTTP request to the client.
Further, the matching module comprises:
A first acquisition unit, for obtaining the request parameter names in the HTTP request to obtain a first parameter name;
A first interception unit, for intercepting the HTTP request if the first parameter name is identical to a parameter name in a preset parameter-name blacklist.
Further, the matching module also comprises:
A second acquisition unit, for obtaining from the HTTP request the browser type used by the client to obtain a first browser type;
A second interception unit, for intercepting the HTTP request if the first browser type does not match the preset browser type.
Further, the system also comprises:
A loading module, for loading the IP blacklist, the IP whitelist, the URI whitelist and the security rules into memory.
Further, the system also comprises:
A saving module, for saving the intercepted HTTP request to form a log file.
As can be seen from the above description, the WEB site security protection system provided by the present invention can improve the efficiency of checking the security of HTTP requests.
Embodiment 1 of the present invention:
Load the preset IP blacklist, IP whitelist, URI whitelist and security rules into memory;
Obtain the IP address of the client that sends the HTTP request; if the IP address is not found in the preset IP blacklist or the preset IP whitelist, then:
Extract the file extension in the HTTP request to obtain the resource type requested by the HTTP request; if the resource type is a non-static file, then:
Extract the URI in the HTTP request; if the URI is not found in the preset URI whitelist, then:
Identify whether the HTTP request contains a preset feature code; if so, then:
Match the HTTP request against the preset security rules, specifically: obtain the request parameter names in the HTTP request to obtain a first parameter name;
If the first parameter name is identical to a parameter name in the preset parameter-name blacklist, intercept the HTTP request; otherwise:
Obtain from the HTTP request the browser type used by the client to obtain a first browser type;
If the first browser type does not match the preset browser type, intercept the HTTP request;
Save the intercepted HTTP request to form a log file.
Embodiment 2 of the present invention:
Obtain the IP address of the client that sends the HTTP request and search the preset IP whitelist for the IP address. If it is present, send the resource requested by the HTTP request to the client. If it is not present, search the preset IP blacklist for the IP address; if it is present there, intercept the HTTP request and save it to the log file.
If the IP address is in neither the IP blacklist nor the IP whitelist, extract the file extension in the HTTP request and use it to determine the resource type requested by the HTTP request. If the requested resource type is a static file such as a CSS style file or an image, no further security detection is performed and the static file is returned directly to the client; otherwise, URI detection is performed.
Obtain the URI of the requested resource from the HTTP request and search the preset URI whitelist for it. If it is present, the requested resource is one without security issues, such as the home page or the verification code page, and the resource of the HTTP request is returned directly to the client; otherwise, security rule matching is performed.
The preset security rules include: the detection parameter http_referer, which filters by matching the referring path of the user's request; the detection parameter http_user_agent, which filters the user browser information in the header of the HTTP request; the detection parameter http_accept_language, which filters the Accept_Language information of the browser that sends the HTTP request; the detection parameter URI, which filters the URL of the HTTP request; the detection parameter Cookie, which filters the cookie information in the HTTP request; the detection parameter Get, which filters the request parameters of the HTTP GET request method; and the detection parameter POST, which filters the request parameters of the HTTP POST request method. The above security rules can be combined in any arrangement to form a security rule set, and a feature code is configured for the security rule set; when the HTTP request contains the feature code, the corresponding security rule set is used to check the HTTP request. If the HTTP request matches the security rules, the resource requested by the HTTP request is sent to the client; otherwise, the HTTP request is intercepted and saved to the log file.
Embodiment 3 of the present invention:
For a website that uses Struts2 technology, a client can construct a link of the form http://host/struts2-blank/example/X.actionaction:%25 { (new+java.lang.ProcessBuilder (new+ Java.lang.String [] ' command', ' goes', ' here'})) .start (), in which "command goes here" can be replaced with the path and parameters of a destructive script, such as fdisk -f, with the aim of disrupting the running of the system.
The present invention can identify such illegal Struts2 requests by matching Struts2-related keywords such as action, java.lang and command, and intercept them.
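The staged checks of Embodiments 1 to 3, written out as an added Python example (not code from the patent). All list contents, the `RuleSet` layout and the function names are assumptions made for illustration; the description states the outcome of a rule match both ways, and this example follows the claims, where a rule match means interception.

```python
import ipaddress
import posixpath
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, unquote, urlsplit

# Every list entry below is a constructed sample value, not taken from the patent.
IP_WHITELIST = {ipaddress.ip_address("10.0.0.5")}
IP_BLACKLIST = {ipaddress.ip_address("203.0.113.9")}
STATIC_EXTENSIONS = {".css", ".png", ".jpg", ".gif", ".ico"}
URI_WHITELIST = {"/", "/index.html", "/captcha"}
PARAM_NAME_BLACKLIST = {"cmd", "exec"}
ALLOWED_BROWSER_PREFIXES = ("Mozilla/", "Opera/")


@dataclass(frozen=True)
class RuleSet:
    feature_code: str   # cheap substring test that gates the rule set
    rules: tuple        # (detection parameter, keyword) pairs, run only after the gate


RULE_SETS = (
    RuleSet("<script>", (("get", "<script>"), ("post", "<script>"), ("cookie", "<script>"))),
    RuleSet(".action", (("uri", "action:"), ("uri", "java.lang"), ("uri", "command"))),
)


@dataclass
class Request:
    client_ip: str
    method: str
    target: str                       # request target: path plus optional query
    headers: dict = field(default_factory=dict)
    body: str = ""


intercept_log = []                    # stands in for the log file of intercepted requests


def _intercept(req, stage):
    intercept_log.append((req.client_ip, req.method, req.target, stage))
    return ("intercept", stage)


def inspect_request(req):
    """Return (verdict, stage); verdict is 'serve' or 'intercept'."""
    # Stage 1: IP whitelist first, then IP blacklist (order of Embodiment 2).
    ip = ipaddress.ip_address(req.client_ip)
    if ip in IP_WHITELIST:
        return ("serve", "ip_whitelist")
    if ip in IP_BLACKLIST:
        return _intercept(req, "ip_blacklist")

    # Stage 2: static files are served on the extension of the parsed path only.
    parts = urlsplit(req.target)
    path = unquote(parts.path)
    if posixpath.splitext(path)[1].lower() in STATIC_EXTENSIONS:
        return ("serve", "static_file")
    # Stage 3: URIs listed as carrying no security risk.
    if path in URI_WHITELIST:
        return ("serve", "uri_whitelist")

    # Stage 4: feature-code gate. Percent-decode once so the substring test
    # sees the same text the application will see.
    fields = {
        "uri": unquote(req.target),
        "get": unquote(parts.query),
        "post": unquote(req.body),
        "cookie": req.headers.get("Cookie", ""),
        "http_user_agent": req.headers.get("User-Agent", ""),
        "http_referer": req.headers.get("Referer", ""),
    }
    raw = "\n".join(fields.values())
    gated = [rs for rs in RULE_SETS if rs.feature_code in raw]
    if not gated:
        return ("serve", "no_feature_code")

    # Stage 5: detailed rules, only for requests that passed the gate.
    names = {n for n, _ in parse_qsl(parts.query, keep_blank_values=True)}
    names |= {n for n, _ in parse_qsl(req.body, keep_blank_values=True)}
    if names & PARAM_NAME_BLACKLIST:
        return _intercept(req, "param_name_blacklist")
    if not fields["http_user_agent"].startswith(ALLOWED_BROWSER_PREFIXES):
        return _intercept(req, "browser_type")
    for rule_set in gated:
        for parameter, keyword in rule_set.rules:
            if keyword in fields[parameter]:
                return _intercept(req, f"rule:{parameter}:{keyword}")
    return ("serve", "rules_passed")


if __name__ == "__main__":
    ua = {"User-Agent": "Mozilla/5.0 (constructed)"}
    for target in ("/static/site.css", "/search?q=hello", "/order/list.action?page=2",
                   "/struts2-blank/example/X.action?action:java.lang.EXAMPLE"):
        print(target, inspect_request(Request("198.51.100.7", "GET", target, ua)))
```

A request that carries no feature code is served without running any detailed rule, which is where the efficiency gain comes from. The gate therefore has to see the request in the same decoded form the application will, which is why the example decodes before the substring test.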
In summary, the present invention provides a WEB site security protection method and system that use a preset IP blacklist and IP whitelist to check the security of the IP address of the client that sends the HTTP request. If the IP address is in neither the IP blacklist nor the IP whitelist, it further determines whether the resource requested by the HTTP request is a static file such as CSS or an image; if so, the static file resource is returned directly to the client; otherwise it further determines whether the URI requested by the HTTP request is a resource that the preset URI whitelist marks as carrying no security risk, such as the home page or the verification code page. If the security of the HTTP request cannot be determined by the above steps, the method further identifies whether the HTTP request contains a preset feature code, and if it does, performs security detection according to the preset security rules. The feature code is a feature of the resource to be security-checked; for example, to detect script files, the feature code can be set to "<script>". Each security rule corresponds to one feature code, and only when the HTTP request contains the matching feature code is the detailed rule list in the security rule used for security detection, which improves the efficiency of checking the security of HTTP requests.
The foregoing describes only embodiments of the present invention and does not thereby limit the patent scope of the invention. Any equivalent transformation made using the content of the specification and drawings of the present invention, or any direct or indirect application in a related technical field, is likewise included in the scope of patent protection of the present invention.

Claims (10)

1. A WEB site security protection method, characterized by comprising:
Obtaining the IP address of the client that sends an HTTP request;
Searching for the IP address in a preset IP blacklist and a preset IP whitelist to obtain a first search result;
When the first search result is that the IP address is not found, extracting the file extension in the HTTP request to obtain the resource type requested by the HTTP request;
When the resource type is a non-static file, extracting the URI in the HTTP request;
Searching for the URI in a preset URI whitelist to obtain a second search result;
When the second search result is that the URI is not found, identifying whether the HTTP request contains a preset feature code; if so, matching the HTTP request against preset security rules to obtain a matching result;
If the matching result is a successful match, intercepting the HTTP request; otherwise, sending the resource requested by the HTTP request to the client.
2. The WEB site security protection method according to claim 1, characterized in that matching the HTTP request against the preset security rules is specifically:
Obtaining the request parameter names in the HTTP request to obtain a first parameter name;
If the first parameter name is identical to a parameter name in a preset parameter-name blacklist, intercepting the HTTP request.
3. The WEB site security protection method according to claim 1, characterized in that matching the HTTP request against the preset security rules is specifically:
Obtaining from the HTTP request the browser type used by the client to obtain a first browser type;
If the first browser type does not match the preset browser type, intercepting the HTTP request.
4. The WEB site security protection method according to claim 1, characterized by further comprising:
Loading the IP blacklist, the IP whitelist, the URI whitelist and the security rules into memory.
5. The WEB site security protection method according to claim 1, characterized by further comprising:
Saving the intercepted HTTP request to form a log file.
6. A WEB site security protection system, characterized by comprising:
A first acquisition module, for obtaining the IP address of the client that sends an HTTP request;
A first search module, for searching for the IP address in a preset IP blacklist and a preset IP whitelist to obtain a first search result;
A first extraction module, for extracting the file extension in the HTTP request when the first search result is that the IP address is not found, to obtain the resource type requested by the HTTP request;
A second extraction module, for extracting the URI in the HTTP request when the resource type is a non-static file;
A second search module, for searching for the URI in a preset URI whitelist to obtain a second search result;
A matching module, for identifying whether the HTTP request contains a preset feature code when the second search result is that the URI is not found; if so, matching the HTTP request against preset security rules to obtain a matching result; if the matching result is a successful match, intercepting the HTTP request; otherwise, sending the resource requested by the HTTP request to the client.
7. The WEB site security protection system according to claim 6, characterized in that the matching module comprises:
A first acquisition unit, for obtaining the request parameter names in the HTTP request to obtain a first parameter name;
A first interception unit, for intercepting the HTTP request if the first parameter name is identical to a parameter name in a preset parameter-name blacklist.
8. The WEB site security protection system according to claim 6, characterized in that the matching module also comprises:
A second acquisition unit, for obtaining from the HTTP request the browser type used by the client to obtain a first browser type;
A second interception unit, for intercepting the HTTP request if the first browser type does not match the preset browser type.
9. The WEB site security protection system according to claim 6, characterized by further comprising:
A loading module, for loading the IP blacklist, the IP whitelist, the URI whitelist and the security rules into memory.
10. The WEB site security protection system according to claim 6, characterized by further comprising:
A saving module, for saving the intercepted HTTP request to form a log file.
CN201611202994.0A 2016-12-23 2016-12-23 WEB site safety protection method and system Active CN106713318B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202010304157.9A CN111541674A (en) 2016-12-23 2016-12-23 WEB site safety protection method and system with high detection efficiency
CN202010303797.8A CN111541673A (en) 2016-12-23 2016-12-23 Efficient method and system for detecting HTTP request security
CN201611202994.0A CN106713318B (en) 2016-12-23 2016-12-23 WEB site safety protection method and system
CN202010303787.4A CN111541672A (en) 2016-12-23 2016-12-23 Method and system for detecting security of HTTP (hyper text transport protocol) request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611202994.0A CN106713318B (en) 2016-12-23 2016-12-23 WEB site safety protection method and system

Related Child Applications (3)

Application Number Title Priority Date Filing Date
CN202010303787.4A Division CN111541672A (en) 2016-12-23 2016-12-23 Method and system for detecting security of HTTP (hyper text transport protocol) request
CN202010304157.9A Division CN111541674A (en) 2016-12-23 2016-12-23 WEB site safety protection method and system with high detection efficiency
CN202010303797.8A Division CN111541673A (en) 2016-12-23 2016-12-23 Efficient method and system for detecting HTTP request security

Publications (2)

Publication Number Publication Date
CN106713318A true CN106713318A (en) 2017-05-24
CN106713318B CN106713318B (en) 2020-04-07

Family

ID=58903063

Family Applications (4)

Application Number Title Priority Date Filing Date
CN202010303787.4A Withdrawn CN111541672A (en) 2016-12-23 2016-12-23 Method and system for detecting security of HTTP (hyper text transport protocol) request
CN202010304157.9A Withdrawn CN111541674A (en) 2016-12-23 2016-12-23 WEB site safety protection method and system with high detection efficiency
CN201611202994.0A Active CN106713318B (en) 2016-12-23 2016-12-23 WEB site safety protection method and system
CN202010303797.8A Withdrawn CN111541673A (en) 2016-12-23 2016-12-23 Efficient method and system for detecting HTTP request security

Family Applications Before (2)

Application Number Title Priority Date Filing Date
CN202010303787.4A Withdrawn CN111541672A (en) 2016-12-23 2016-12-23 Method and system for detecting security of HTTP (hyper text transport protocol) request
CN202010304157.9A Withdrawn CN111541674A (en) 2016-12-23 2016-12-23 WEB site safety protection method and system with high detection efficiency

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202010303797.8A Withdrawn CN111541673A (en) 2016-12-23 2016-12-23 Efficient method and system for detecting HTTP request security

Country Status (1)

Country Link
CN (4) CN111541672A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108234453A (en) * 2017-12-12 2018-06-29 杭州安恒信息技术有限公司 A kind of web safety defense methods of rule-based Java
CN109558427A (en) * 2018-11-30 2019-04-02 上海找钢网信息科技股份有限公司 Intelligent inquiry system and method based on steel industry data platform
CN110012096A (en) * 2019-04-03 2019-07-12 中国工商银行股份有限公司 Mobile client service updates management method, apparatus and system
CN113992423A (en) * 2021-11-05 2022-01-28 枣庄科技职业学院 Computer network firewall with high safety and use method thereof
US20230025896A1 (en) * 2021-07-23 2023-01-26 Palo Alto Networks, Inc. Tree-based learning of application programming interface specification

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542287A (en) * 2021-07-21 2021-10-22 山东浪潮通软信息科技有限公司 Network request management method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006119508A2 (en) * 2005-05-05 2006-11-09 Ironport Systems, Inc. Detecting unwanted electronic mail messages based on probabilistic analysis of referenced resources
CN101252443A (en) * 2008-03-20 2008-08-27 华为技术有限公司 Apparatus and method for detecting message security
CN103095810A (en) * 2012-12-28 2013-05-08 三维通信股份有限公司 Multi-functional middleware recognizing system based on Web technology
CN103825900A (en) * 2014-02-28 2014-05-28 广州云宏信息科技有限公司 Website access method and device and filter form downloading and updating method and system
CN104361283A (en) * 2014-12-05 2015-02-18 网宿科技股份有限公司 Web attack protection method
CN105635064A (en) * 2014-10-31 2016-06-01 杭州华三通信技术有限公司 CSRF attack detection method and device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7707245B2 (en) * 2000-02-22 2010-04-27 Harvey Lunenfeld Metasearching a client's request for displaying different order books on the client
CN100440811C (en) * 2006-12-25 2008-12-03 杭州华三通信技术有限公司 Detection method and device for network attack
US8271650B2 (en) * 2009-08-25 2012-09-18 Vizibility Inc. Systems and method of identifying and managing abusive requests
US9215209B2 (en) * 2013-11-08 2015-12-15 U.S. Bancorp, National Association Source request monitoring
CN103607385B (en) * 2013-11-14 2017-01-18 北京奇虎科技有限公司 Method and apparatus for security detection based on browser
CN104954346B (en) * 2014-03-31 2018-12-18 北京奇安信科技有限公司 Attack recognition method and device based on object analysis
CN103973684B (en) * 2014-05-07 2017-05-24 北京神州绿盟信息安全科技股份有限公司 Rule compiling and matching method and device
CN105938472A (en) * 2015-08-26 2016-09-14 杭州迪普科技有限公司 Web access control method and device
CN110417748A (en) * 2019-07-08 2019-11-05 新华三信息安全技术有限公司 A kind of attack detection method and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108234453A (en) * 2017-12-12 2018-06-29 杭州安恒信息技术有限公司 A kind of web safety defense methods of rule-based Java
CN109558427A (en) * 2018-11-30 2019-04-02 上海找钢网信息科技股份有限公司 Intelligent inquiry system and method based on steel industry data platform
CN110012096A (en) * 2019-04-03 2019-07-12 中国工商银行股份有限公司 Mobile client service updates management method, apparatus and system
US20230025896A1 (en) * 2021-07-23 2023-01-26 Palo Alto Networks, Inc. Tree-based learning of application programming interface specification
US11997110B2 (en) * 2021-07-23 2024-05-28 Palo Alto Networks, Inc. Tree-based learning of application programming interface specification
CN113992423A (en) * 2021-11-05 2022-01-28 枣庄科技职业学院 Computer network firewall with high safety and use method thereof
CN113992423B (en) * 2021-11-05 2023-01-17 枣庄科技职业学院 Use method of computer network firewall

Also Published As

Publication number Publication date
CN111541674A (en) 2020-08-14
CN111541672A (en) 2020-08-14
CN111541673A (en) 2020-08-14
CN106713318B (en) 2020-04-07

Similar Documents

Publication Publication Date Title
CN106713318A (en) WEB site security protection method and system
US10469531B2 (en) Fraud detection network system and fraud detection method
CN101895516B (en) Method and device for positioning cross-site scripting attack source
CN106101145B (en) A kind of website vulnerability detection method and device
CA2595758C (en) System for detecting vulnerabilities in web applications using client-side application interfaces
US8112799B1 (en) Method, system, and computer program product for avoiding cross-site scripting attacks
US9531734B2 (en) Method and apparatus for intercepting or cleaning-up plugins
CN102467633A (en) Method and system for safely browsing webpage
CN107209831B (en) System and method for identifying network attacks
CN106357696A (en) Detection method and detection system for SQL injection attack
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN105184159A (en) Web page falsification identification method and apparatus
CN101964026A (en) Method and system for detecting web page horse hanging
CN102769632A (en) Method and system for grading detection and prompt of fishing website
CN104462152A (en) Webpage recognition method and device
JP2004318816A (en) Communication relay device, communication relay method, and program
CN107846407A (en) A kind of method and system of batch detection SSRF leaks
CN105635064B (en) CSRF attack detection method and device
CN102185859A (en) Computer system and data interaction method
Shahriar et al. Injecting comments to detect JavaScript code injection attacks
CN113518077A (en) Malicious web crawler detection method, device, equipment and storage medium
CN107800686A (en) A kind of fishing website recognition methods and device
CN103336693B (en) The creation method of refer chain, device and security detection equipment
Lalia et al. XSS attack detection approach based on scripts features analysis
KR101428727B1 (en) A System and a Method for Detecting Spread and Pass Sites of Malicious Code

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A web site security protection method and system

Effective date of registration: 20210127

Granted publication date: 20200407

Pledgee: Fuzhou Gulou sub branch of Fujian Straits Bank Co.,Ltd.

Pledgor: NEWDOONE SCIENCE & TECHNOLOGY Co.,Ltd.

Registration number: Y2021350000016