CN107046544A - Method and apparatus for identifying illegal access requests to a website - Google Patents

Info

Publication number: CN107046544A (granted version CN107046544B)
Authority: CN (China)
Prior art keywords: access request, website, client, request, legal
Legal status: Granted
Application number: CN201710301078.0A
Other languages: Chinese (zh)
Other versions: CN107046544B (en)
Inventor: 罗振
Current Assignee: Shenzhen Lexin Software Technology Co Ltd
Original Assignee: Shenzhen Lexin Software Technology Co Ltd
Events: application filed by Shenzhen Lexin Software Technology Co Ltd; priority to CN201710301078.0A; publication of CN107046544A; application granted; publication of CN107046544B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The embodiments of the invention disclose a method and apparatus for identifying illegal access requests to a website. The method for identifying illegal access requests to a website includes: obtaining an access request initiated by a client to the website; matching the link of the obtained access request against the legitimacy rules of a whitelist; and identifying, according to the matching result, whether the obtained access request is legal. The whitelist defines the legitimacy rules for access requests. When the website server obtains an access request, it loads the legitimacy rules defined by the whitelist, matches the obtained access request against them, and preliminarily identifies from the matching result whether the request is legal, so as to decide from the preliminary result whether to load an interceptor for further verification. The legitimacy of access requests can thus be identified efficiently and accurately, the interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.

Description

Method and apparatus for identifying illegal access requests to a website
Technical field
The present invention relates to the technical field of network security, and in particular to a method and apparatus for identifying illegal access requests to a website.
Background technology
Website security problems are becoming increasingly serious, and it is very difficult for a website administrator to find signs of suspicious activity among a large number of access requests.
In the prior art, one scheme for identifying illegal HTTP (Hypertext Transfer Protocol) access requests is to formulate matching strategies according to known attack strategies (such as CSRF attacks and SQL injection attacks), i.e. to judge forbidden characters and illegal keywords in the access request, and to intercept illegal access requests accordingly; this is realised by loading the corresponding rules on a dedicated hardware firewall for filtering. Protection against CSRF attacks can also be implemented by verifying the HTTP Referer field: according to the HTTP protocol, the HTTP header contains a Referer field that records the source address of the HTTP access request. Another method is to hide an input check value field in every page form, which is used to verify consistency with the server.
In the prior-art methods, illegal access requests are intercepted according to predetermined matching strategies. This kind of protection is not very secure, its protective effect against CSRF attacks is poor, and its detection efficiency is low, since HTTP requests that do not need detection also consume detection resources. The method of adding an input check value to every page form makes the development process cumbersome and inefficient.
Summary of the invention
To solve the related technical problems, the present invention provides a method and apparatus for identifying illegal access requests to a website, so as to identify illegal access requests to the website efficiently and accurately.
To achieve the above object, the embodiments of the present invention adopt the following technical scheme:
In a first aspect, an embodiment of the invention provides a method for identifying illegal access requests to a website, the method including:
obtaining an access request initiated by a client to the website;
matching the link of the obtained access request against the legitimacy rules of a whitelist, and identifying according to the matching result whether the obtained access request is legal.
In a second aspect, an embodiment of the invention correspondingly provides an apparatus for identifying illegal access requests to a website, the apparatus including:
an access request acquisition module, for obtaining an access request initiated by a client to the website;
an identification module, for matching the link of the obtained access request against the legitimacy rules of a whitelist and identifying according to the matching result whether the obtained access request is legal.
The technical schemes provided in the embodiments of the present invention have the following beneficial effects:
In this technical scheme, the whitelist defines the legitimacy rules for access request links. When the website server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined in the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legal. The scheme is simple to implement and efficiently gives a preliminary identification of the legitimacy of an access request, which is used to decide whether to continue verifying its legitimacy, i.e. whether to load an interceptor for further verification according to the preliminary result. When the access request is legal, no interceptor needs to be loaded; when it is preliminarily identified as illegal, an interceptor is loaded for further verification, so that the legitimacy of the access request is identified accurately. The interceptor is thus loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.
Brief description of the drawings
To illustrate the technical schemes of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the content of the embodiments and these drawings without creative work.
Fig. 1 is a schematic flowchart of a method for identifying illegal access requests to a website provided by embodiment one of the present invention;
Fig. 2 is a schematic flowchart of a method for identifying illegal access requests to a website provided by embodiment two of the present invention;
Fig. 3 is a schematic flowchart of a method for identifying illegal access requests to a website provided by embodiment three of the present invention;
Fig. 4A is a schematic architecture diagram of an apparatus for identifying illegal access requests to a website provided by embodiment four of the present invention;
Fig. 4B is a schematic architecture diagram of an optional embodiment of the access request acquisition module 410 in Fig. 4A;
Fig. 4C is a schematic architecture diagram of an optional embodiment of the identification module 420 in Fig. 4A.
Detailed description
To make the technical problem solved, the technical scheme adopted and the technical effect achieved by the present invention clearer, the technical schemes of the embodiments of the present invention are described in further detail below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Embodiment one
Refer to Fig. 1, which is a schematic flowchart of a method for identifying illegal access requests to a website provided by embodiment one of the present invention. The method provided by this embodiment is applicable to the scenario of identifying whether an access request initiated by a client to a website is legal. It can be performed by an apparatus for identifying illegal access requests to a website, which can be implemented in software and/or hardware and integrated into the corresponding website server.
As shown in Fig. 1, the method for identifying illegal access requests to a website provided by this embodiment can include the following steps:
S110: obtain the access request initiated by the client to the website.
Exemplarily, the client can be a terminal device held by a user, such as a desktop computer, notebook computer, tablet computer or mobile phone. A website refers to a set of related web pages on the internet, made with tools such as HTML (Hypertext Markup Language) according to certain rules and used to display certain content; in short, a website is a communication tool through which its maker can publish the information they want to disclose or provide related network services. A website server refers to the server in an internet data center on which the website is stored; it is mainly the infrastructure for publishing and running the website on the internet, and every website server can receive website requests initiated by at least one client. Access requests include a user's browse request for browsing web page content, a registration request for registering an account on the website, a login request for logging in to an existing account on the website, and abnormal access requests initiated by unauthorised persons maliciously attacking the website. In this embodiment, access requests are divided into conventional access requests, particular access requests and abnormal access requests: conventional access requests are those such as browse requests that do not involve website security; particular access requests are those that may affect website security, such as registration requests, login requests and requests to access website directory files; and abnormal access requests are those that maliciously attack the website, such as requests to tamper with website directory files.
For example, the user can enter the website address in the web browser on the client to open a web page; the client initiates an access request to the website according to the user's operation, and the website server obtains the access request. The specific way in which the client initiates the access request, and the specific way in which the website server obtains it, can be set according to actual conditions and are not limited here.
S120: match the link of the obtained access request against the legitimacy rules of the whitelist, and identify according to the matching result whether the obtained access request is legal.
Exemplarily, the link of an access request, also called a hyperlink, refers to a connection that points from a web page to a target. The target can be another web page or a different position in the same web page, a picture, an e-mail address, or even a file or an application; the specific target depends on the access request obtained by the website server. The whitelist in this embodiment is configured on Kohana, a PHP (PHP: Hypertext Preprocessor) framework. The whitelist defines the legitimacy rules for access request links, and these rules are the basis on which the website server preliminarily judges whether the obtained access request is legal.
For example, among the links pointing to each target in the website, the website server administrator can set in advance an identifier on links that do not conform to a specific link form, to indicate that the access request for that link is preliminarily judged to be an illegal access request and that an interceptor needs to be loaded to intercept it and further verify whether it is an illegal access request; links that conform to the specific link form are not given the identifier, and the access requests corresponding to such links are legal by default, without loading the interceptor. Specifically, the administrator can decide whether to set the identifier on a link according to the URL (Uniform Resource Locator) in the link. Every target file on the website corresponds to a unique URL, and from the URL in the link the type of the corresponding access request can be determined, i.e. whether it is a conventional access request, a particular access request or an abnormal access request. Links of conventional access requests are not given the identifier; links of particular access requests and abnormal access requests are given the identifier.
Preferably, identifying according to the matching result whether the obtained access request is legal includes: when the link of the access request does not conform to the set form rule, intercepting the access request; when the link of the access request conforms to the set form rule, not intercepting the access request. That is, the legitimacy rule of the whitelist is defined as follows: an access request whose link has no identifier is determined to be a legal access request, and the interceptor need not be loaded to intercept it; an access request whose link has the identifier is regarded as not conforming to the whitelist's legitimacy rule and is preliminarily judged to be an illegal access request, so the interceptor must be loaded to intercept it and further verify whether it is an illegal request.
It should be noted that in this embodiment the legitimacy rules of the whitelist give only a preliminary judgment of whether the obtained access request is legal. Requests preliminarily judged legal need no further verification, while requests preliminarily judged illegal require the interceptor to be loaded to further verify whether they are illegal access requests. An optional embodiment of that further verification is given in embodiment three and is not elaborated here.
In summary, in the method for identifying illegal access requests to a website provided by embodiment one of the present invention, the whitelist defines the legitimacy rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legal. The scheme is simple to implement and identifies the legitimacy of access requests efficiently: no interceptor is loaded when the access request is legal, and the interceptor is loaded for further verification when the request is preliminarily identified as illegal, so that legitimacy is identified accurately. The interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.
Embodiment two
Refer to Fig. 2, which is a schematic flowchart of a method for identifying illegal access requests to a website provided by embodiment two of the present invention. The main difference from embodiment one is that, on the basis of embodiment one, this embodiment further provides an optional implementation of S120 in embodiment one.
As shown in Fig. 2, the method for identifying illegal access requests to a website provided by this embodiment can include the following steps:
S210: obtain the access request initiated by the client to the website.
Optionally, on the basis of embodiment one, S120 in Fig. 1 can include two steps, S221 and S222:
S221: parse the obtained access request to obtain the link of the access request.
Exemplarily, parsing the obtained access request in this embodiment means that the website server parses the request message of the obtained access request and obtains the link part of the access request from the request message.
S222: match the link of the access request against the legitimacy rules of the whitelist; if the match succeeds, determine that the obtained access request is legal, and if the match fails, determine that the obtained access request is illegal.
Exemplarily, a successful match in this embodiment means that the link of the access request obtained by the website server has no identifier set and is consistent with the legitimacy rules defined by the whitelist; likewise, an unsuccessful match means that the link of the access request obtained by the website server has the identifier set and is inconsistent with the legitimacy rules defined by the whitelist.
It should also be noted that in this embodiment the legitimacy rules of the whitelist give only a preliminary judgment of whether the obtained access request is legal. Requests preliminarily judged legal need no further verification, while requests preliminarily judged illegal require the interceptor to be loaded to further verify whether they are illegal access requests. An optional embodiment of that further verification is given in embodiment three and is not elaborated here.
In summary, in the method for identifying illegal access requests to a website provided by embodiment two of the present invention, the whitelist defines the legitimacy rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legal. The scheme is simple to implement and identifies the legitimacy of access requests efficiently: no interceptor is loaded when the access request is legal, and the interceptor is loaded for further verification when the request is preliminarily identified as illegal, so that legitimacy is identified accurately. The interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.
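As an added illustration of the whitelist matching in embodiments one and two (S110/S120 and S221/S222), not code from the patent: the request line is parsed for its link, the path is canonicalised, and a match against the whitelist's form rules gives the preliminary verdict and the decision whether to load the interceptor. The rule patterns, request messages and host name are constructed for this example; the patent keeps its whitelist in the Kohana PHP framework, which this Python stands in for.

```python
import posixpath
import re
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

# Whitelist legitimacy rules (S120 / S222). A link is legal only when its
# canonical path matches one of these forms, which stand for conventional
# access requests (browsing) whose links carry no identifier. Any other link
# is treated as carrying the identifier: particular requests (register, login,
# directory file access) and abnormal requests fall through to the interceptor.
# The patterns are constructed for this example.
WHITELIST_RULES = [
    re.compile(r"/"),
    re.compile(r"/article/\d+"),
    re.compile(r"/static/[\w./-]+\.(?:css|js|png|jpg)"),
]


@dataclass
class Verdict:
    link: str
    legal: bool              # preliminary result of the whitelist match
    load_interceptor: bool   # True -> further verification (embodiment three)


def extract_link(request_message: str) -> str:
    """S221: parse the HTTP request message and return the link (path + query).

    Only the request line is needed; headers and body are ignored.
    """
    request_line = request_message.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {request_line!r}")
    _method, target, _version = parts
    # An absolute-form target (http://host/path) is reduced to its path.
    split = urlsplit(target)
    link = split.path or "/"
    if split.query:
        link += "?" + split.query
    return link


def canonical_path(link: str) -> str:
    """Percent-decode the path and collapse '.' and '..' segments.

    Matching the raw path would let "/static/%2e%2e/admin/x" pass a rule
    written for "/static/...", so the link is normalised before it is
    compared with the whitelist.
    """
    path = unquote(urlsplit(link).path)
    return posixpath.normpath("/" + path.lstrip("/"))


def match_whitelist(link: str) -> Verdict:
    """S222: a successful match means a legal request and no interceptor."""
    path = canonical_path(link)
    legal = any(rule.fullmatch(path) for rule in WHITELIST_RULES)
    return Verdict(link=link, legal=legal, load_interceptor=not legal)


def identify_request(request_message: str) -> Verdict:
    """S110 + S120: obtain the request, extract its link, match the whitelist."""
    return match_whitelist(extract_link(request_message))


if __name__ == "__main__":
    # Constructed request messages, one per request category in embodiment one.
    samples = [
        "GET /article/42 HTTP/1.1\r\nHost: www.example.com\r\n\r\n",      # conventional
        "POST /account/login HTTP/1.1\r\nHost: www.example.com\r\n\r\n",  # particular
        "GET /static/%2e%2e/admin/config.php HTTP/1.1\r\nHost: www.example.com\r\n\r\n",  # abnormal
    ]
    for msg in samples:
        print(identify_request(msg))
```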
Embodiment three
Refer to Fig. 3, which is a schematic flowchart of a method for identifying illegal access requests to a website provided by embodiment three of the present invention. On the basis of any of the above embodiments, this embodiment adds the operating process that follows the preliminary identification, by the whitelist's legitimacy rules, of whether an access request is legal, and further provides an optional implementation of the client initiating an access request to the website.
As shown in Fig. 3, the method for identifying illegal access requests to a website provided by this embodiment can include the following steps:
S311: receive a first resource request initiated by the client to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time.
S312: generate a first check code according to the user identifier, the first IP address and the first initiation time.
S313: encrypt the first check code to obtain a second check code, and send the second check code to the client.
S314: receive a second resource request initiated by the client to the website after the client decrypts the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.
Exemplarily, when a client initiates an access request to a website through a browser, it usually initiates two resource requests in succession, namely the first resource request and the second resource request. The user identifier can be digital code information such as the account the user registered on the website or the client's machine code. The first IP address is the client's IP address when the website server receives the first resource request, and the first initiation time is the point in time at which the website server receives the first resource request; the second IP address is the client's IP address when the website server receives the second resource request, and the second initiation time is the point in time at which the website server receives the second resource request.
The website server generates the first check code from the user identifier, the first IP address and the first initiation time by a set operation rule. The user identifier, the first IP address and the first initiation time can form a digital code, and the first check code is generally appended after this digital code to check the accuracy of the digital code; preferably, the first check code is encrypted with the md5 encryption algorithm. When the website server transmits the first check code to the client, in order to prevent a user from obtaining the first check code directly, without going through the client, and using it to initiate requests to the server, and so improve data security, the website server preferably first encrypts the first check code with an XOR encryption algorithm to obtain the second check code, and transmits the first check code to the client indirectly by transmitting the second check code. The client decrypts the second check code with the corresponding decryption rule to obtain the first check code, i.e. it decrypts the first check code that was encrypted.
It should be noted that the specific encryption and decryption algorithms mentioned in this embodiment do not limit the technical scheme of the present invention; those skilled in the art should understand that there are many kinds of specific encryption and decryption algorithms, which are not enumerated one by one here.
S320: match the link of the obtained access request against the legitimacy rules of the whitelist, and identify according to the matching result whether the obtained access request is legal.
Exemplarily, when the website server preliminarily identifies that the obtained access request is legal, there is no need to load the interceptor to intercept the access request for further verification, and the following S330 is performed; when the website server preliminarily identifies that the obtained access request is illegal, the interceptor must be loaded to intercept the access request for further verification, and the following S340 is performed.
S330: respond to the access request and send response data to the client.
Exemplarily, when the website server preliminarily identifies from the whitelist's legitimacy rules that the access request is legal, this means the access request is a conventional access request that does not affect website security; therefore the server responds to the access request normally, sends response data to the client, and the flow ends.
S340: parse the first check code to obtain the first IP address and the first initiation time.
Exemplarily, parsing the first check code means obtaining, by the above set operation rule, the digital code that was computed before the check code; the digital code consists of the user identifier, the first IP address and the first initiation time.
S350: judge whether the first IP address is legal, whether the first initiation time is legal, whether the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and whether the first IP address and the second IP address are identical.
Exemplarily, the judgment of whether the first IP address is legal and whether the first initiation time is legal is mainly based on whether the format of the IP address is garbled and whether the format of the initiation time is garbled; an IP address or initiation time whose format is garbled is considered illegal. The preset duration in this embodiment is 2 minutes; in other embodiments it can be set to other values, which are not limited here.
It should be noted that this step comprises four judgment operations. Only when the results of all four judgment operations are "yes" is the above S330 performed; otherwise, if the result of any one or more of the judgment operations is "no", the following S360 is performed. Therefore, when the website server preliminarily identifies an access request as illegal by the whitelist's legitimacy rules, this does not mean the access request is definitively an illegal access request; the interceptor must be loaded to intercept the access request and verify it further, and the result of the interceptor's further verification finally determines whether the access request is a legal access request or an illegal access request.
S360: do not respond to the access request, and prompt the client that the obtained access request is illegal.
Exemplarily, when an access request preliminarily identified as illegal is finally determined, after the interceptor's further verification, to be an illegal access request, the website server does not respond to the access request, prompts the client that the obtained access request is illegal, and the flow ends.
In summary, in the method for identifying illegal access requests to a website provided by embodiment three of the present invention, the whitelist defines the legitimacy rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legal. The scheme is simple to implement and identifies the legitimacy of access requests efficiently: no interceptor is loaded for an access request preliminarily identified as legal, while for an access request preliminarily identified as illegal the interceptor is loaded to verify it further, and the result of the further verification finally determines whether the preliminarily illegal access request is an illegal access request. The legitimacy of access requests is thus identified accurately, the interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.
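As an added worked example of embodiment three, not the patent's own code: the server builds the first check code from the user identifier, first IP address and first initiation time with an md5 digest appended (S312), XOR-encrypts it into the second check code (S313), and the interceptor later parses the returned first check code (S340) and applies the four judgments of S350 with the 2-minute preset duration. The "|" separator, the time format, the shared XOR key and all sample values are assumptions of this example.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

PRESET_DURATION = timedelta(minutes=2)   # embodiment three's preset duration
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"        # assumed encoding of the initiation time
# Key for the XOR encryption of the first check code (S313). The patent does
# not say how the client obtains its decryption rule; a shared key is assumed.
XOR_KEY = b"constructed-example-key"


def digital_code(user_id: str, ip: str, t: datetime) -> str:
    """User identifier, first IP address and first initiation time joined with
    '|' (a separator chosen for this example; user_id must not contain it)."""
    return f"{user_id}|{ip}|{t.strftime(TIME_FORMAT)}"


def first_check_code(user_id: str, ip: str, t: datetime) -> str:
    """S312: the digital code with its md5 digest appended, so the digest can
    later be used to check the accuracy of the digital code."""
    code = digital_code(user_id, ip, t)
    return code + "|" + hashlib.md5(code.encode()).hexdigest()


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def second_check_code(first: str) -> bytes:
    """S313: XOR-encrypt the first check code; this is what the client receives."""
    return xor_bytes(first.encode(), XOR_KEY)


def client_decrypt(second: bytes) -> str:
    """S314, client side: XOR with the same key recovers the first check code."""
    return xor_bytes(second, XOR_KEY).decode()


@dataclass
class Outcome:
    respond: bool   # True -> S330 (respond), False -> S360 (refuse and prompt)
    reason: str


def verify_with_interceptor(first: str, second_ip: str, second_time: datetime) -> Outcome:
    """Interceptor verification (S340-S360) for a request the whitelist
    preliminarily judged illegal."""
    # S340: parse the first check code back into its digital code.
    parts = first.split("|")
    if len(parts) != 4:
        return Outcome(False, "first check code does not parse")
    _user_id, first_ip, first_time_str, digest = parts
    # Recompute the appended md5 so a modified digital code is rejected.
    if hashlib.md5("|".join(parts[:3]).encode()).hexdigest() != digest:
        return Outcome(False, "digest does not match digital code")
    # S350 (1): first IP address legal, i.e. its format is not garbled.
    try:
        ipaddress.ip_address(first_ip)
    except ValueError:
        return Outcome(False, "first IP address is garbled")
    # S350 (2): first initiation time legal, i.e. its format is not garbled.
    try:
        first_time = datetime.strptime(first_time_str, TIME_FORMAT)
    except ValueError:
        return Outcome(False, "first initiation time is garbled")
    # S350 (3): time difference not greater than the preset duration. A second
    # request dated before the first is rejected too (stricter than the text).
    if not timedelta(0) <= second_time - first_time <= PRESET_DURATION:
        return Outcome(False, "time difference exceeds preset duration")
    # S350 (4): first and second IP address identical.
    if first_ip != second_ip:
        return Outcome(False, "IP address changed between the two requests")
    return Outcome(True, "all four checks passed")


if __name__ == "__main__":
    # Constructed exchange: first resource request at t0 from 203.0.113.5.
    t0 = datetime(2017, 4, 28, 10, 0, 0)
    first = first_check_code("user42", "203.0.113.5", t0)
    second = second_check_code(first)          # sent to the client (S313)
    returned = client_decrypt(second)          # carried by the second request (S314)
    print(verify_with_interceptor(returned, "203.0.113.5", t0 + timedelta(seconds=45)))
    print(verify_with_interceptor(returned, "198.51.100.9", t0 + timedelta(seconds=45)))
```

The md5 digest binds nothing secret, so only the XOR key ties a check code to the server; the digest check catches a digital code altered in transit, not one rebuilt by someone holding the key.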
The following is a kind of embodiment for recognizing the device asked website unauthorized access provided in an embodiment of the present invention, identification Same inventive concept is belonged to the method that the device that website unauthorized access is asked is asked website unauthorized access with above-mentioned identification, The detail content of not detailed description, may be referred to the embodiment of any of the above-described method in the embodiment of device.
Embodiment Four
Refer to Fig. 4A, Fig. 4B and Fig. 4C. Fig. 4A is a schematic structural diagram of a device for identifying illegal access requests to a website provided by embodiment four of the present invention; Fig. 4B is a schematic structural diagram of an optional implementation of the access request acquisition module 410 in Fig. 4A; Fig. 4C is a schematic structural diagram of an optional implementation of the identification module 420 in Fig. 4A.
As shown in Fig. 4A, the device 400 for identifying illegal access requests to a website provided by this embodiment may include the following:
Access request acquisition module 410, configured to obtain an access request initiated by a client to the website.
Optionally, as shown in Fig. 4B, the access request acquisition module 410 may include a first resource request receiving unit 411, a first check code generation unit 412, an encryption unit 413 and a second resource request receiving unit 414, where:
First resource request receiving unit 411, configured to receive a first resource request initiated by the client to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time.
First check code generation unit 412, configured to generate a first check code from the user identifier, the first IP address and the first initiation time.
Encryption unit 413, configured to encrypt the first check code to obtain a second check code, and to send the second check code to the client.
Second resource request receiving unit 414, configured to receive a second resource request that the client initiates to the website after decrypting the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.
Identification module 420, configured to match the link of the obtained access request against the legitimacy rules of a white list and to identify from the matching result whether the obtained access request is legal.
Preferably, identifying from the matching result whether the obtained access request is legal includes: when the link of the access request does not conform to the set format rule, intercepting the access request; when the link of the access request conforms to the set format rule, not intercepting the access request.
Optionally, as shown in Fig. 4C, the identification module 420 may include a link acquisition unit 421 and a matching unit 422, where:
Link acquisition unit 421, configured to parse the obtained access request and obtain the link of the access request.
Matching unit 422, configured to match the link of the access request against the legitimacy rules of the white list; if the match succeeds, the obtained access request is determined to be legal, and if the match fails, the obtained access request is determined to be illegal.
Response data sending module 430, configured, if the obtained access request is identified as legal, to respond to the access request and send response data to the client.
Verification module 440, configured, if the obtained access request is identified as illegal, to parse the first check code and obtain the first IP address and the first initiation time; if it is determined that the first IP address is legal, the first initiation time is legal, the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and the first IP address is identical to the second IP address, to respond to the access request and return response data to the client; otherwise, not to respond to the access request and to prompt the client that the obtained access request is illegal.
In summary, in the device for identifying illegal access requests to a website provided by embodiment four of the present invention, a white list defines the legitimacy rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined by the white list, matches the link of the obtained access request against those rules, and preliminarily identifies from the matching result whether the obtained access request is legal. The scheme is simple to implement and identifies the legitimacy of access requests efficiently: no interceptor needs to be loaded when the access request is legal, and when the access request is preliminarily identified as illegal the interceptor is loaded for further verification. The legitimacy of access requests is thus identified accurately, the interceptor is loaded on demand, the server resources consumed are reduced, and the accuracy with which CSRF attacks are intercepted is improved.
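The two-stage check described for device 400 above (whitelist matching by units 421/422 and module 430, check-code generation and verification by units 411 to 414 and module 440), as an added Python model that is not code from the patent or its assignee. The patent specifies neither how the legitimacy rules are expressed nor which cipher produces the second check code, so the anchored path patterns, the `|`-delimited check-code layout, the HMAC that binds the check-code fields, the HMAC-keystream stand-in cipher, the key names, the reading of "legal" IP address and time, and the 300-second preset duration are all assumptions made for this example.

```python
"""Added example (not code from the patent or its assignee): a stand-alone model of the
two-stage check described for device 400. Rule patterns, check-code layout, HMAC binding,
the stand-in cipher, key names and the preset duration are assumptions."""
import hashlib
import hmac
import ipaddress
import re
import secrets
from urllib.parse import unquote, urlsplit

# Constructed whitelist: the patent's "legitimacy rules" are modelled as anchored path
# patterns. Segments under /static/ must start with a word character, so ".." never
# matches, even after percent-decoding.
WHITELIST_RULES = [re.compile(p) for p in (
    r"/",
    r"/static/\w[\w.-]*(?:/\w[\w.-]*)*",
    r"/api/v1/profile",
    r"/api/v1/orders/\d+",
)]

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-only key binding the check-code fields
SHARED_KEY = secrets.token_bytes(32)  # assumption: key the client uses to decrypt the second check code
PRESET_DURATION = 300                 # seconds; the patent leaves the preset duration unspecified


def link_is_whitelisted(url: str) -> bool:
    """Units 421/422: parse the request link and match its path against the rules.
    Percent-decoding runs before matching so an encoded '..' or '/' cannot slip past a
    pattern; fullmatch() anchors every rule at both ends."""
    path = unquote(urlsplit(url).path) or "/"
    return any(rule.fullmatch(path) for rule in WHITELIST_RULES)


def _fields_mac(user_id: str, ip: str, t: int) -> str:
    return hmac.new(SERVER_KEY, f"{user_id}|{ip}|{t}".encode(), hashlib.sha256).hexdigest()


def make_first_check_code(user_id: str, ip: str, t: int) -> str:
    """Unit 412: the first check code carries the fields in clear (module 440 parses them
    back out) plus an HMAC over them, so the client cannot alter them unnoticed."""
    return f"{user_id}|{ip}|{t}|{_fields_mac(user_id, ip, t)}"


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 keystream in counter mode. The patent only
    says the code is "encrypted"; a real deployment would use an AEAD such as AES-GCM."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def encrypt_check_code(first_code: str) -> str:
    """Unit 413: first check code -> second check code, encoded as hex(nonce):hex(ciphertext)."""
    nonce = secrets.token_bytes(16)
    return nonce.hex() + ":" + _keystream_xor(SHARED_KEY, nonce, first_code.encode()).hex()


def decrypt_check_code(second_code: str) -> str:
    """Client side: recover the first check code before sending the second resource request."""
    nonce_hex, ct_hex = second_code.split(":", 1)
    return _keystream_xor(SHARED_KEY, bytes.fromhex(nonce_hex), bytes.fromhex(ct_hex)).decode()


def verify_check_code(user_id: str, first_code: str, second_ip: str, second_t: int, now: int):
    """Module 440: parse the first check code and apply the patent's conditions; returns
    (ok, reason). "Legal" IP = parses as an address, "legal" time = not in the future
    (both assumptions, the patent does not define them)."""
    try:
        code_user, first_ip, first_t_str, mac = first_code.rsplit("|", 3)
        first_t = int(first_t_str)
        ipaddress.ip_address(first_ip)
    except ValueError:
        return False, "check code malformed"
    if not hmac.compare_digest(mac, _fields_mac(code_user, first_ip, first_t)):
        return False, "check code tampered or forged"
    if code_user != user_id:
        return False, "user id mismatch"
    if not 0 < first_t <= now:
        return False, "first initiation time not legal"
    if not 0 <= second_t - first_t <= PRESET_DURATION:  # also rejects a second time before the first
        return False, "check code expired"
    if first_ip != second_ip:
        return False, "ip address changed"
    return True, "check code verified"


def handle_request(url, user_id, first_code, second_ip, second_t, now):
    """Device 400 end to end: the cheap whitelist match runs first; the check-code
    verification (the 'interceptor') runs only when the link is not whitelisted."""
    if link_is_whitelisted(url):
        return "respond", "link matched whitelist"
    ok, reason = verify_check_code(user_id, first_code, second_ip, second_t, now)
    return ("respond" if ok else "reject"), reason


if __name__ == "__main__":
    t1 = 1_700_000_000                                        # constructed first initiation time
    code = make_first_check_code("u-123", "203.0.113.7", t1)  # constructed user id and IP
    replay = decrypt_check_code(encrypt_check_code(code))     # what the client sends back
    print(handle_request("https://shop.example/api/v1/orders/42", "u-123", replay, "203.0.113.7", t1 + 10, t1 + 10))
    print(handle_request("https://shop.example/admin", "u-123", replay, "203.0.113.7", t1 + 10, t1 + 10))
    print(handle_request("https://shop.example/admin", "u-123", replay, "203.0.113.9", t1 + 10, t1 + 10))
    print(handle_request("https://shop.example/admin", "u-123", replay, "203.0.113.7", t1 + 600, t1 + 600))
```

Two points the module layout in the patent leaves implicit are made explicit here. First, because the client holds the decrypted first check code and echoes it in the second resource request, module 440 can only trust the IP address and time it parses out of that code if the fields are cryptographically bound, which is why the example attaches an HMAC to them. Second, the whitelist match decodes the path before applying the anchored rules, since a rule that matches `/api/v1/orders/42` must not also accept an encoded traversal of that prefix.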
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will appreciate that the invention is not limited to the specific embodiments described here; various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to the above embodiments and may include other equivalent embodiments without departing from the inventive concept; the scope of the present invention is determined by the scope of the appended claims.

Claims (12)

1. A method for identifying illegal access requests to a website, characterised in that the method includes:
obtaining an access request initiated by a client to the website;
matching the link of the obtained access request against the legitimacy rules of a white list, and identifying from the matching result whether the obtained access request is legal.
2. The method according to claim 1, characterised in that identifying from the matching result whether the obtained access request is legal includes:
when the link of the access request does not conform to the set format rule, intercepting the access request;
when the link of the access request conforms to the set format rule, not intercepting the access request.
3. The method according to claim 1, characterised in that the step of matching the link of the obtained access request against the legitimacy rules of the white list and identifying from the matching result whether the obtained access request is legal includes:
parsing the obtained access request to obtain the link of the access request;
matching the link of the access request against the legitimacy rules of the white list; if the match succeeds, determining that the obtained access request is legal, and if the match fails, determining that the obtained access request is illegal.
4. The method according to claim 1, characterised in that the step of obtaining an access request initiated by a client to the website includes:
receiving a first resource request initiated by the client to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time;
generating a first check code from the user identifier, the first IP address and the first initiation time;
encrypting the first check code to obtain a second check code, and sending the second check code to the client;
receiving a second resource request that the client initiates to the website after decrypting the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.
5. The method according to claim 4, characterised in that, after the step of matching the link of the obtained access request against the legitimacy rules of the white list and identifying from the matching result whether the obtained access request is legal, the method further includes:
if the obtained access request is identified as illegal, parsing the first check code to obtain the first IP address and the first initiation time;
if it is determined that the first IP address is legal, the first initiation time is legal, the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and the first IP address is identical to the second IP address, responding to the access request and returning response data to the client; otherwise, not responding to the access request and prompting the client that the obtained access request is illegal.
6. The method according to any one of claims 1 to 4, characterised in that, after the step of matching the link of the obtained access request against the legitimacy rules of the white list and identifying from the matching result whether the obtained access request is legal, the method further includes:
if the obtained access request is identified as legal, responding to the access request and sending response data to the client.
7. A device for identifying illegal access requests to a website, characterised in that the device includes:
an access request acquisition module, configured to obtain an access request initiated by a client to the website;
an identification module, configured to match the link of the obtained access request against the legitimacy rules of a white list and to identify from the matching result whether the obtained access request is legal.
8. The device according to claim 7, characterised in that identifying from the matching result whether the obtained access request is legal includes:
when the link of the access request does not conform to the set format rule, intercepting the access request;
when the link of the access request conforms to the set format rule, not intercepting the access request.
9. The device according to claim 7, characterised in that the identification module includes:
a link acquisition unit, configured to parse the obtained access request and obtain the link of the access request;
a matching unit, configured to match the link of the access request against the legitimacy rules of the white list; if the match succeeds, the obtained access request is determined to be legal, and if the match fails, the obtained access request is determined to be illegal.
10. The device according to claim 7, characterised in that the access request acquisition module includes:
a first resource request receiving unit, configured to receive a first resource request initiated by the client to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time;
a first check code generation unit, configured to generate a first check code from the user identifier, the first IP address and the first initiation time;
an encryption unit, configured to encrypt the first check code to obtain a second check code, and to send the second check code to the client;
a second resource request receiving unit, configured to receive a second resource request that the client initiates to the website after decrypting the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.
11. The device according to claim 10, characterised in that the device further includes:
a verification module, configured, if the obtained access request is identified as illegal, to parse the first check code and obtain the first IP address and the first initiation time; if it is determined that the first IP address is legal, the first initiation time is legal, the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and the first IP address is identical to the second IP address, to respond to the access request and return response data to the client; otherwise, not to respond to the access request and to prompt the client that the obtained access request is illegal.
12. The device according to any one of claims 7 to 10, characterised in that the device further includes:
a response data sending module, configured, if the obtained access request is identified as legal, to respond to the access request and send response data to the client.
CN201710301078.0A 2017-05-02 2017-05-02 Method and device for identifying illegal access request to website Active CN107046544B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710301078.0A CN107046544B (en) 2017-05-02 2017-05-02 Method and device for identifying illegal access request to website

Publications (2)

Publication Number Publication Date
CN107046544A true CN107046544A (en) 2017-08-15
CN107046544B CN107046544B (en) 2020-09-29

Family

ID=59546940

Country Status (1)

Country Link
CN (1) CN107046544B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant