CN107046544A - A method and apparatus for identifying unauthorized access requests to a website
- Publication number: CN107046544A
- Application number: CN201710301078.0A
- Authority: CN (China)
- Prior art keywords: access request, website, client, request, legal
- Prior art date
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1416 — Event detection, e.g. attack signature detection
  - H — Electricity
  - H04 — Electric communication technique
  - H04L — Transmission of digital information, e.g. telegraphic communication
  - H04L63/00 — Network architectures or network communication protocols for network security
  - H04L63/14 — Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
  - H04L63/1408 — Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1466 — Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
  - H — Electricity
  - H04 — Electric communication technique
  - H04L — Transmission of digital information, e.g. telegraphic communication
  - H04L63/00 — Network architectures or network communication protocols for network security
  - H04L63/14 — Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
  - H04L63/1441 — Countermeasures against malicious traffic
Abstract
Embodiments of the invention disclose a method and apparatus for identifying unauthorized access requests to a website. The method comprises: obtaining an access request initiated by a client to the website; matching the link of the obtained access request against the legitimacy rules of a whitelist; and identifying, according to the matching result, whether the obtained access request is legitimate. The whitelist defines the legitimacy rules for access requests. When the website server obtains an access request, it loads the legitimacy rules defined by the whitelist, matches the obtained access request against them, and preliminarily identifies from the matching result whether the request is legitimate; the preliminary result then decides whether an interceptor is loaded for further verification. The legitimacy of access requests can thus be identified efficiently and accurately, the interceptor is loaded on demand, server resource consumption is reduced, and the accuracy of intercepting CSRF attacks is improved.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a method and apparatus for identifying unauthorized access requests to a website.
Background
The security problems of today's websites are increasingly serious, and it is very difficult for a website administrator to find signs of suspicious activity among a large volume of access requests.
In the prior art, one scheme for identifying illegitimate HTTP (Hypertext Transfer Protocol) access requests formulates matching strategies according to known attack patterns (such as CSRF attacks and SQL injection attacks), for example by checking access requests for forbidden characters and illegal keywords, and intercepts illegitimate access requests accordingly; this scheme is usually implemented by loading the corresponding rules into a dedicated hardware firewall for filtering. Protection against CSRF attacks may also be implemented by verifying the HTTP Referer field: according to the HTTP protocol, the Referer header records the source address of the HTTP access request. Another method is to hide an input check value in every form of every page, which is then verified for consistency with the server.
In the prior-art methods, intercepting illegitimate access requests according to predetermined matching strategies offers low security, poor protection against CSRF attacks and low detection efficiency, and HTTP requests that do not need detection still consume detection resources. Adding an input check value to every form of every page makes development cumbersome and inefficient.
Summary of the invention
To solve the problems of the related art, the present invention provides a method and apparatus for identifying unauthorized access requests to a website, so as to identify unauthorized access requests to a website efficiently and accurately.
To achieve the above object, embodiments of the present invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides a method for identifying unauthorized access requests to a website, the method comprising:
obtaining an access request initiated by a client to the website;
matching the link of the obtained access request against the legitimacy rules of a whitelist, and identifying, according to the matching result, whether the obtained access request is legitimate.
In a second aspect, an embodiment of the present invention correspondingly provides an apparatus for identifying unauthorized access requests to a website, the apparatus comprising:
an access request acquisition module, configured to obtain an access request initiated by a client to the website;
an identification module, configured to match the link of the obtained access request against the legitimacy rules of a whitelist and to identify, according to the matching result, whether the obtained access request is legitimate.
The technical solutions provided by the embodiments of the present invention have the following beneficial effects:
In this technical solution the whitelist defines the legitimacy rules for access-request links. When the website server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined in the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legitimate. The solution is simple to implement and efficiently gives a preliminary identification of the legitimacy of an access request, which then decides whether further verification is needed: no interceptor is loaded when the access request is preliminarily identified as legitimate, and an interceptor is loaded for further verification when it is preliminarily identified as illegitimate. The legitimacy of access requests is thus identified accurately, the interceptor is loaded on demand, server resource consumption is reduced, and the accuracy of intercepting CSRF attacks is improved.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the content of the embodiments and these drawings without creative effort.
Fig. 1 is a schematic flow chart of a method for identifying unauthorized access requests to a website provided by embodiment one of the present invention;
Fig. 2 is a schematic flow chart of a method for identifying unauthorized access requests to a website provided by embodiment two of the present invention;
Fig. 3 is a schematic flow chart of a method for identifying unauthorized access requests to a website provided by embodiment three of the present invention;
Fig. 4A is a schematic architecture diagram of an apparatus for identifying unauthorized access requests to a website provided by embodiment four of the present invention;
Fig. 4B is a schematic architecture diagram of an optional embodiment of the access request acquisition module 410 in Fig. 4A;
Fig. 4C is a schematic architecture diagram of an optional embodiment of the identification module 420 in Fig. 4A.
Detailed description of the embodiments
To make the technical problem solved by the present invention, the technical solutions adopted and the technical effects achieved clearer, the technical solutions of the embodiments of the present invention are described in further detail below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment one
Referring to Fig. 1, which is a schematic flow chart of a method for identifying unauthorized access requests to a website provided by embodiment one of the present invention. The method provided by this embodiment is applicable to the scenario of identifying whether an access request initiated by a client to a website is legitimate. It may be executed by an apparatus for identifying unauthorized access requests to a website, and the apparatus may be implemented in software and/or hardware and integrated into the corresponding website server.
As shown in Fig. 1, the method provided by this embodiment may comprise the following steps:
S110: obtaining an access request initiated by a client to the website.
For example, the client may be a terminal device held by a user, such as a desktop computer, a notebook computer, a tablet computer or a mobile phone. A website is a collection of related web pages on the Internet, produced according to certain rules with tools such as HTML (Hypertext Markup Language), that displays particular content; put simply, a website is a communication tool through which its operator publishes the information it wishes to disclose or provides related network services. The website server is the server in an Internet data center on which the website is stored; it is the infrastructure on which the website is published and runs on the Internet, and each website server can receive website requests initiated by at least one client. Access requests include browse requests by which a user browses the web page content of the site, registration requests by which a user registers an account on the site, login requests by which a user logs in to an existing account on the site, and abnormal access requests initiated by illegitimate parties maliciously attacking the site. In this embodiment, access requests are divided into conventional access requests, particular access requests and abnormal access requests: conventional access requests, such as browse requests, do not concern website security; particular access requests, such as registration requests, login requests and requests to access files in the website directory, may affect website security; abnormal access requests, such as requests to tamper with files in the website directory, are access requests that maliciously attack the website.
For example, the user enters the address of the website in the web browser on the client and opens a web page of the website; the client initiates an access request to the website according to the user's operation, and the website server obtains the access request. The specific manner in which the client initiates the access request, and the specific manner in which the website server obtains it, may be set according to the actual situation and are not limited here.
S120: matching the link of the obtained access request against the legitimacy rules of a whitelist, and identifying, according to the matching result, whether the obtained access request is legitimate.
For example, the link of an access request, also called a hyperlink, is a connection from a web page to a target; the target may be another web page or a different position in the same page, or a picture, an e-mail address, or even a file or an application, depending on the access request that the website server obtains. The whitelist in this embodiment is configured on the basis of the PHP (PHP: Hypertext Preprocessor) framework Kohana. The whitelist defines the legitimacy rules for access-request links, and these rules are the basis on which the website server preliminarily judges whether an obtained access request is legitimate.
For example, the website server administrator may, in advance, set an identifier on each link pointing to a target in the website whose form does not conform to a specified link format, to indicate that the access request corresponding to that link is preliminarily judged to be an unauthorized access request and that an interceptor must be loaded to intercept it and verify further whether it is an unauthorized access request; links that do conform to the specified link format are not given the identifier, the access requests corresponding to such links are deemed legitimate by default, and no interceptor is loaded to intercept them. Specifically, the administrator may decide whether to set the identifier on a link according to the URL (Uniform Resource Locator) in the link: each target file on the website corresponds to a unique URL, so the URL in a link determines the type of the corresponding access request, i.e. whether the request is a conventional access request, a particular access request or an abnormal access request. No identifier is set on links for conventional access requests; the identifier is set on links for particular access requests and on links for abnormal access requests.
Preferably, identifying whether the obtained access request is legitimate according to the matching result comprises: when the link of the access request does not conform to the specified format rule, intercepting the access request; when the link of the access request conforms to the specified format rule, not intercepting the access request. That is, the legitimacy rules of the whitelist are defined as follows: access requests corresponding to links without the identifier are judged to be legitimate access requests, and no interceptor needs to be loaded to intercept them; access requests corresponding to links carrying the identifier are deemed not to conform to the legitimacy rules of the whitelist and are preliminarily judged to be unauthorized access requests, so an interceptor must be loaded to intercept them and verify further whether they are illegitimate requests.
It should be noted that in this embodiment the legitimacy rules of the whitelist only preliminarily judge whether the obtained access request is legitimate. Access requests preliminarily judged to be legitimate need no further verification, whereas for access requests preliminarily judged to be illegitimate an interceptor must be loaded to verify further whether they are unauthorized access requests; an optional procedure for this further verification is given in embodiment three and is not described here.
In summary, in the method for identifying unauthorized access requests to a website provided by embodiment one of the present invention, the whitelist defines the legitimacy rules for access-request links. When the server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legitimate. The solution is simple to implement and identifies the legitimacy of access requests efficiently: no interceptor is loaded when the access request is legitimate, and an interceptor is loaded for further verification when the access request is preliminarily identified as illegitimate. The legitimacy of access requests is thus identified accurately, the interceptor is loaded on demand, server resource consumption is reduced, and the accuracy of intercepting CSRF attacks is improved.
Embodiment two
Referring to Fig. 2, which is a schematic flow chart of a method for identifying unauthorized access requests to a website provided by embodiment two of the present invention. The main difference from embodiment one is that this embodiment, on the basis of embodiment one, further provides an optional implementation of S120 of embodiment one.
As shown in Fig. 2, the method provided by this embodiment may comprise the following steps:
S210: obtaining an access request initiated by a client to the website.
Optionally, on the basis of embodiment one, S120 in Fig. 1 may comprise the two steps S221 and S222, wherein:
S221: parsing the obtained access request to obtain the link of the access request.
For example, parsing the obtained access request means that the website server parses the request message of the obtained access request and extracts the link part of the access request from the request message.
S222: matching the link of the access request against the legitimacy rules of the whitelist; if the match succeeds, determining that the obtained access request is legitimate; if the match fails, determining that the obtained access request is illegitimate.
For example, a successful match in this embodiment means that the link of the access request obtained by the website server carries no identifier and is consistent with the legitimacy rules defined by the whitelist; correspondingly, a failed match means that the link of the obtained access request carries the identifier and is inconsistent with the legitimacy rules defined by the whitelist.
It should likewise be noted that in this embodiment the legitimacy rules of the whitelist only preliminarily judge whether the obtained access request is legitimate. Access requests preliminarily judged to be legitimate need no further verification, whereas for access requests preliminarily judged to be illegitimate an interceptor must be loaded to verify further whether they are unauthorized access requests; an optional procedure for this further verification is given in embodiment three and is not described here.
In summary, in the method for identifying unauthorized access requests to a website provided by embodiment two of the present invention, the whitelist defines the legitimacy rules for access-request links. When the server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legitimate. The solution is simple to implement and identifies the legitimacy of access requests efficiently: no interceptor is loaded when the access request is legitimate, and an interceptor is loaded for further verification when the access request is preliminarily identified as illegitimate. The legitimacy of access requests is thus identified accurately, the interceptor is loaded on demand, server resource consumption is reduced, and the accuracy of intercepting CSRF attacks is improved.
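The link-matching step of embodiment one (S120) and its two-step refinement in embodiment two (S221, parse the request message to obtain the link; S222, match the link against the whitelist) can be illustrated in code. The following is an added example written for this page, not code from the patent or from the Kohana-based implementation it mentions. The patent configures its whitelist in PHP/Kohana and gives no concrete rules; this example uses Python, an assumed whitelist of regular-expression path rules with an assumed identifier flag per rule (no identifier for conventional links, identifier for particular and abnormal links), and constructed sample request messages. It also normalizes the path (percent-decoding and dot-segment removal) before matching and treats a link that matches no rule as needing the interceptor; both are choices of this example rather than steps stated in the patent.

```python
import posixpath
import re
from typing import Dict, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Assumed whitelist: one rule per link format. Links whose format is
# "conventional" carry no identifier (no interceptor); links for particular or
# abnormal access carry the identifier and are handed to the interceptor.
WHITELIST = (
    # (path pattern,                                   request type,   identifier set)
    (re.compile(r"^/(index|about|news/[^/]+)\.html$"), "conventional", False),
    (re.compile(r"^/user/(register|login)$"),          "particular",   True),
    (re.compile(r"^/files/[\w.-]+$"),                  "particular",   True),
    (re.compile(r"^/admin/files/.*$"),                 "abnormal",     True),
)


def parse_request_link(raw_request: bytes) -> Optional[str]:
    """S221: parse the HTTP request message and return the normalized path of
    its link, or None if the request line is malformed."""
    try:
        request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii")
        _method, target, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/"):
        return None
    # Canonicalize before matching so "%2e%2e/" and "../" cannot dodge a rule
    # (normalization is a choice of this example, not a step of the patent).
    path = posixpath.normpath(unquote(urlsplit(target).path))
    return path if path.startswith("/") else "/" + path


def match_whitelist(path: str) -> Tuple[bool, str]:
    """S222: match the link against the whitelist. Returns (legitimate, type).
    A link whose rule carries no identifier is preliminarily legitimate; a link
    whose rule carries the identifier, or that matches no rule at all, is
    preliminarily illegitimate (fail closed: also a choice of this example)."""
    for pattern, req_type, has_identifier in WHITELIST:
        if pattern.match(path):
            return (not has_identifier), req_type
    return False, "unknown"


def classify(raw_request: bytes) -> Dict[str, object]:
    """S120 as a whole: parse, match, and decide whether to load the interceptor."""
    path = parse_request_link(raw_request)
    if path is None:
        return {"path": None, "type": "malformed", "legitimate": False, "load_interceptor": True}
    legitimate, req_type = match_whitelist(path)
    return {"path": path, "type": req_type, "legitimate": legitimate, "load_interceptor": not legitimate}


# Constructed sample request messages (not captured traffic)
SAMPLES = (
    b"GET /news/today.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"POST /user/login HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"POST /admin/files/config.php HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"GET /news/%2e%2e/admin/files/x HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"GARBAGE\r\n\r\n",
)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

The fourth sample is the practical reason for canonicalizing first: compared as a raw string it would match neither the conventional rule (wrong suffix) nor the abnormal one, but after decoding and dot-segment removal it is the admin path and is classified as abnormal. Failing closed on unknown links keeps a rule the administrator forgot to write from silently becoming a bypass.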
Embodiment three
Referring to Fig. 3, which is a schematic flow chart of a method for identifying unauthorized access requests to a website provided by embodiment three of the present invention. On the basis of any of the above embodiments, this embodiment adds the procedure that follows the preliminary identification of the access request by the legitimacy rules of the whitelist, and further provides an optional implementation of the access request that the client initiates to the website.
As shown in Fig. 3, the method provided by this embodiment may comprise the following steps:
S311: receiving a first resource request initiated by the client to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time.
S312: generating a first check code according to the user identifier, the first IP address and the first initiation time.
S313: encrypting the first check code to obtain a second check code, and sending the second check code to the client.
S314: receiving a second resource request that the client initiates to the website after decrypting the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.
For example, when a client initiates an access request to a website through a browser, it usually initiates two resource requests in succession, namely the first resource request and the second resource request. The user identifier may be digital code information such as the account the user registered on the website or the machine code of the client. The first IP address is the IP address of the client when the website server receives the first resource request, and the first initiation time is the point in time at which the website server receives the first resource request; the second IP address is the IP address of the client when the website server receives the second resource request, and the second initiation time is the point in time at which the website server receives the second resource request.
The website server generates the first check code from the user identifier, the first IP address and the first initiation time according to a set operation rule. The user identifier, the first IP address and the first initiation time together form a digital code, and the first check code is generally appended after this digital code to check the accuracy of the digital code; preferably, the first check code is computed with the MD5 algorithm. When the website server sends the first check code to the client, in order to prevent a user from obtaining the first check code directly, bypassing the client, and using it to initiate requests to the server, and thereby to improve data security, the website server preferably first encrypts the first check code with an XOR encryption algorithm to obtain the second check code and transmits the first check code to the client indirectly by transmitting the second check code; the client decrypts the second check code with the corresponding decryption rule to obtain the first check code.
It should be noted that the specific encryption and decryption algorithms mentioned in this embodiment do not limit the technical solution of the present invention; those skilled in the art will appreciate that many specific encryption and decryption algorithms exist, and they are not enumerated here.
S320: matching the link of the obtained access request against the legitimacy rules of the whitelist, and identifying, according to the matching result, whether the obtained access request is legitimate.
For example, when the website server preliminarily identifies the obtained access request as legitimate, no interceptor needs to be loaded to intercept and re-verify the request, and the following S330 is performed; when the website server preliminarily identifies the obtained access request as illegitimate, an interceptor must be loaded to intercept the request and verify it further, and the following S340 is performed.
S330: responding to the access request and sending response data to the client.
For example, when the website server preliminarily identifies the access request as legitimate according to the legitimacy rules of the whitelist, the access request is a conventional access request that does not affect website security; the server therefore responds to it normally, sends response data to the client, and the flow ends.
S340: parsing the first check code to obtain the first IP address and the first initiation time.
For example, parsing the first check code means recovering, by the set operation rule described above, the digital code from which the check code was computed; the digital code may be composed of the user identifier, the first IP address and the first initiation time.
S350: judging whether the first IP address is valid, whether the first initiation time is valid, whether the time difference between the first initiation time and the second initiation time is not more than a preset duration, and whether the first IP address is identical to the second IP address.
For example, whether the first IP address and the first initiation time are valid is judged mainly on whether the IP address and the initiation time are well-formed rather than garbled; an IP address or initiation time whose format is garbled is regarded as invalid. The preset duration in this embodiment is 2 minutes; other values may be set in other embodiments and are not limited here.
It should be noted that this step comprises four judging operations, and the above S330 is performed only when the results of all four judging operations are "yes"; otherwise, if the result of any one or more of the judging operations is "no", the following S360 is performed. Thus, when the website server preliminarily identifies an access request as illegitimate by the legitimacy rules of the whitelist, this does not mean that the access request is conclusively an unauthorized access request: an interceptor must be loaded to intercept the request and verify it further, and the result of the interceptor's further verification finally determines whether the access request is a legitimate access request or an unauthorized access request.
S360: not responding to the access request, and prompting the client that the obtained access request is illegitimate.
For example, when an access request preliminarily identified as illegitimate is finally determined, after the interceptor's further verification, to be an unauthorized access request, the website server does not respond to the access request, prompts the client that the obtained access request is illegitimate, and the flow ends.
In summary, in the method for identifying unauthorized access requests to a website provided by embodiment three of the present invention, the whitelist defines the legitimacy rules for access-request links. When the server obtains an access request initiated by a client to the website, it loads the legitimacy rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legitimate. The solution is simple to implement and identifies the legitimacy of access requests efficiently: no interceptor is loaded for access requests preliminarily identified as legitimate, while for access requests preliminarily identified as illegitimate an interceptor is loaded to verify them further, and the result of that further verification finally determines whether an access request preliminarily identified as illegitimate is an unauthorized access request. The legitimacy of access requests is thus identified accurately, the interceptor is loaded on demand, server resource consumption is reduced, and the accuracy of intercepting CSRF attacks is improved.
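The check-code exchange of embodiment three (S311 to S314 on the request side, S340 to S350 inside the interceptor) is shown below end to end, with both the server's and the client's part of the exchange. This is an added example written for this page, not the patent's own code. It assumes a concrete layout for the digital code (user identifier, first IP address and first initiation time joined by a separator, with the MD5 digest appended after it as the patent describes), an assumed encoding of the initiation time, an assumed XOR key shared by server and client for producing and undoing the second check code, and constructed sample values; the patent fixes none of these.

```python
import hashlib
import ipaddress
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Assumptions of this example (the patent fixes none of them):
XOR_KEY = b"demo-xor-key"               # key shared by server and client for S313/S314
PRESET_DURATION = timedelta(minutes=2)  # the patent's preferred preset duration
TIME_FMT = "%Y%m%d%H%M%S"               # encoding of the initiation time inside the code
SEP = "|"                               # separator between the fields of the digital code

# Constructed sample value for a first initiation time
SAMPLE_T1 = datetime(2017, 5, 2, 10, 0, 0, tzinfo=timezone.utc)


def digital_code(user_id: str, ip: str, t: datetime) -> str:
    """The digital code of S312: user identifier, first IP address, first initiation time."""
    return SEP.join((user_id, ip, t.strftime(TIME_FMT)))


def make_first_check_code(user_id: str, ip: str, t: datetime) -> str:
    """S312 (server): append the MD5 of the digital code to the digital code."""
    code = digital_code(user_id, ip, t)
    return code + SEP + hashlib.md5(code.encode()).hexdigest()


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_second_check_code(first: str) -> bytes:
    """S313 (server): XOR-encrypt the first check code before sending it."""
    return xor_bytes(first.encode(), XOR_KEY)


def client_decrypt(second: bytes) -> str:
    """S314 (client): recover the first check code from the second check code."""
    return xor_bytes(second, XOR_KEY).decode()


def parse_first_check_code(first: str) -> Optional[Tuple[str, str, str]]:
    """S340 (server): split the first check code into (user_id, ip1, t1).
    Returns None when the appended MD5 does not match the digital code,
    i.e. the code was corrupted or edited in transit."""
    parts = first.split(SEP)
    if len(parts) != 4:
        return None
    user_id, ip, t, digest = parts
    code = SEP.join((user_id, ip, t))
    if hashlib.md5(code.encode()).hexdigest() != digest:
        return None
    return user_id, ip, t


def verify_second_request(first: str, ip2: str, t2: datetime) -> bool:
    """S350 (server, inside the interceptor): all four checks must pass."""
    parsed = parse_first_check_code(first)
    if parsed is None:
        return False
    _, ip1, t1_str = parsed
    try:
        ipaddress.ip_address(ip1)                                               # check 1
        t1 = datetime.strptime(t1_str, TIME_FMT).replace(tzinfo=timezone.utc)  # check 2
    except ValueError:
        return False
    # check 3: second request no later than the preset duration after the first
    # (a second request timestamped before the first is rejected too; assumption)
    if not timedelta(0) <= t2 - t1 <= PRESET_DURATION:
        return False
    return ip1 == ip2                                                           # check 4


def run_exchange(user_id: str, ip1: str, t1: datetime, delay_seconds: int, ip2: str) -> bool:
    """Whole flow: S312 and S313 on the server, S314 on the client, S340 to S350 on the server."""
    first = make_first_check_code(user_id, ip1, t1)
    second = make_second_check_code(first)
    recovered = client_decrypt(second)
    t2 = t1 + timedelta(seconds=delay_seconds)
    return verify_second_request(recovered, ip2, t2)


if __name__ == "__main__":
    print(run_exchange("alice", "203.0.113.7", SAMPLE_T1, 30, "203.0.113.7"))   # True
    print(run_exchange("alice", "203.0.113.7", SAMPLE_T1, 180, "203.0.113.7"))  # False: too late
    print(run_exchange("alice", "203.0.113.7", SAMPLE_T1, 30, "198.51.100.9"))  # False: IP changed
```

Two observations a practitioner would make when reading this flow: the MD5 value is an unkeyed digest, so it detects accidental corruption of the digital code but does not authenticate it, and the XOR key must be known to the client in order to recover the first check code, so neither element gives the server a secret that the client lacks. The patent explicitly leaves the choice of algorithms open; a deployment that needs the check code to be unforgeable would compute it as an HMAC under a server-only key and would not need to round-trip it through a shared XOR key.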
The following is a kind of embodiment for recognizing the device asked website unauthorized access provided in an embodiment of the present invention, identification
Same inventive concept is belonged to the method that the device that website unauthorized access is asked is asked website unauthorized access with above-mentioned identification,
The detail content of not detailed description, may be referred to the embodiment of any of the above-described method in the embodiment of device.
Example IV
Fig. 4 A, Fig. 4 B and Fig. 4 C are refer to, wherein, Fig. 4 A are that a kind of identification that the embodiment of the present invention four is provided is non-to website
The configuration diagram of the device of method access request;Fig. 4 B are a kind of optional embodiment party of access request acquisition module 410 in Fig. 4 A
The configuration diagram of formula;Fig. 4 C are a kind of configuration diagrams of optional embodiment of identification module 420 in Fig. 4 A.
As shown in Figure 4 A, the device 400 that a kind of identification that the present embodiment is provided is asked website unauthorized access, can include
Following content:
Access request acquisition module 410, for obtaining the access request that client is initiated website.
Optionally, as shown in Figure 4 B, access request acquisition module 410 can include first resource request reception unit 411,
First check code generation unit 412, ciphering unit 413 and Secondary resource request reception unit 414, wherein:
First resource request reception unit 411, for receiving the first resource request that client is initiated website, the first money
Source request carries user's mark, the first IP address and the first initiation time.
First check code generation unit 412, for being identified according to user, the first IP address and the first initiation time, generation
First check code.
Ciphering unit 413, for the first check code to be encrypted, obtains the second check code, and the second check code is sent out
Give client.
Secondary resource request reception unit 414, is decrypted after the second check code, the initiated website for receiving client
Two resource requests, Secondary resource request carries user's mark, the first check code, the second IP address and the second initiation time.
Identification module 420, for the link of the access request got to be matched with the legitimacy rule of white list,
Recognize whether the access request got is legal according to matching result.
It is preferred that, it is described according to matching result recognize the access request that gets it is whether legal including:When access request
When link does not meet setting formal rule, then Intercept Interview is asked;When the link of access request meets setting formal rule, then
The access request is not intercepted.
Optionally, as shown in Fig. 4C, the identification module 420 may include a link acquiring unit 421 and a matching unit 422, where:
The link acquiring unit 421 is configured to parse the obtained access request and obtain the link of the access request.
The matching unit 422 is configured to match the link of the access request against the legitimacy rules of the white list; if the match succeeds, the obtained access request is determined to be legal, and if the match fails, the obtained access request is determined to be illegal.
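One way to implement the link acquiring unit and the matching unit described above, as an added Python example that is not part of the patent's own disclosure. The patent does not fix how a legitimacy rule is expressed or what form the access request takes, so the raw HTTP/1.1 request text, the rule format (a host plus an anchored path pattern) and the sample requests are constructed assumptions. The example also canonicalises host and path before matching, which the patent does not spell out but which is what keeps a percent-encoded or dot-segment variant of a non-whitelisted path from matching a permitted rule.

```python
import posixpath
import re
from typing import Optional, Tuple
from urllib.parse import unquote, urlsplit

# Constructed white list (assumption): each legitimacy rule is a host plus an
# anchored regular expression over the normalised path.
WHITELIST_RULES = [
    ("www.example.com", re.compile(r"^/(index\.html|news/\d+)$")),
    ("static.example.com", re.compile(r"^/assets/[\w\-/]+\.(?:css|js|png)$")),
]


def parse_access_request(raw: str) -> Optional[str]:
    """Link acquiring unit (421): parse the request line and Host header of a raw
    HTTP/1.1 request and return the absolute link it targets, or None if malformed."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    target = parts[1]
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    if target.startswith(("http://", "https://")):
        return target  # absolute-form target already carries the host
    host = headers.get("host")
    if not host or not target.startswith("/"):
        return None
    return "http://" + host + target


def normalize_link(link: str) -> Tuple[str, str]:
    """Canonicalise host and path before matching, so that letter case,
    percent-encoding and dot segments cannot slip a request past a rule."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    path = posixpath.normpath(unquote(parts.path)) if parts.path else "/"
    return host, path


def match_whitelist(link: str, rules=WHITELIST_RULES) -> bool:
    """Matching unit (422): the match succeeds only if one rule covers both
    the host and the normalised path."""
    host, path = normalize_link(link)
    return any(host == rule_host and pattern.match(path) is not None
               for rule_host, pattern in rules)


def identify(raw_request: str, rules=WHITELIST_RULES) -> Tuple[str, Optional[str]]:
    """Identification module (420): 'legal' lets the request through, 'intercept'
    hands it to the second-stage check. A request whose link cannot be parsed
    is treated the same as a failed match."""
    link = parse_access_request(raw_request)
    if link is None:
        return "intercept", None
    return ("legal" if match_whitelist(link, rules) else "intercept"), link


if __name__ == "__main__":
    # Constructed sample requests: a permitted page, a dot-segment variant of it,
    # a non-whitelisted path, and a request with no Host header at all.
    samples = [
        "GET /news/42 HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "GET /news/42/..%2F..%2Fadmin HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "GET /admin HTTP/1.1\r\nHost: WWW.EXAMPLE.COM\r\n\r\n",
        "GET /index.html HTTP/1.1\r\n\r\n",
    ]
    for raw in samples:
        print(identify(raw))
```

The decision value is kept separate from the parsed link so that the caller can log what was matched; in the patent's flow an "intercept" result is what triggers loading the interceptor for the check-code verification rather than an outright rejection.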
The response data sending module 430 is configured, if the obtained access request is identified as legal, to respond to the access request and send response data to the client.
The authentication module 440 is configured, if the obtained access request is identified as illegal, to parse the first check code and obtain the first IP address and the first initiation time; if it is determined that the first IP address is legal, the first initiation time is legal, the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and the first IP address is identical to the second IP address, it responds to the access request and returns response data to the client; otherwise it does not respond to the access request and prompts the client that the obtained access request is illegal.
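The two-stage check code exchange of units 411 to 414 and the verification performed by the authentication module 440, as an added Python example that is not the patent's own code. The patent leaves the encoding of the check code, the encryption algorithm, and the meaning of a "legal" IP address or initiation time unspecified, so the following are assumptions: the first check code is the JSON of the three fields plus an HMAC tag, so the server can parse it later and a forged code fails parsing; the "encryption" is a small stdlib-only stream cipher under a constructed key the client is assumed to share; a legal IP address is one that parses and is neither unspecified nor multicast; a legal initiation time is a positive, non-future timestamp; and the preset duration is 300 seconds. Keys, names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
import os
import time
from typing import Optional

# Constructed keys and threshold (assumptions; the patent fixes none of them).
SERVER_KEY = b"constructed-server-only-key"          # never leaves the server
CLIENT_KEY = b"constructed-key-shared-with-client"   # lets the client decrypt the second check code
PRESET_DURATION = 300  # seconds allowed between first and second initiation time


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stdlib-only stand-in for the patent's unspecified cipher: SHA-256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def generate_first_check_code(user_id: str, first_ip: str, first_time: int) -> str:
    """Unit 412: bind user identifier, first IP and first initiation time into one
    parseable code. The HMAC tag is an assumption so that altered codes fail parsing."""
    payload = json.dumps({"uid": user_id, "ip": first_ip, "t": first_time},
                         separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()


def parse_first_check_code(code: str) -> Optional[dict]:
    """Authentication module 440, first step: recover the three fields, or None if
    the code is malformed or its tag does not verify."""
    try:
        raw = base64.urlsafe_b64decode(code)
        if len(raw) < 32:
            return None
        payload, tag = raw[:-32], raw[-32:]
        if not hmac.compare_digest(tag, hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()):
            return None
        return json.loads(payload)
    except (ValueError, TypeError):
        return None


def handle_first_request(user_id: str, first_ip: str, first_time: int) -> str:
    """Units 411-413: on the first resource request, generate the first check code,
    encrypt it into the second check code and return that for the client."""
    first = generate_first_check_code(user_id, first_ip, first_time)
    return base64.urlsafe_b64encode(encrypt(CLIENT_KEY, first.encode())).decode()


def client_recover_first_check_code(second_check_code: str) -> str:
    """Client side: decrypt the second check code to obtain the first check code
    that the second resource request must carry."""
    return decrypt(CLIENT_KEY, base64.urlsafe_b64decode(second_check_code)).decode()


def is_legal_ip(ip: str) -> bool:
    """Assumed meaning of a 'legal' IP address: syntactically valid and routable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_unspecified or addr.is_multicast)


def authenticate_second_request(user_id: str, first_check_code: str, second_ip: str,
                                second_time: int, now: Optional[float] = None) -> bool:
    """Authentication module 440: the checks the patent lists, applied to a second
    resource request whose link failed the white-list match."""
    fields = parse_first_check_code(first_check_code)
    if fields is None or fields.get("uid") != user_id:
        return False
    first_ip, first_time = fields["ip"], fields["t"]
    now = time.time() if now is None else now
    if not is_legal_ip(first_ip):
        return False
    if not 0 < first_time <= now:  # assumed 'legal' time: positive and not in the future
        return False
    if second_time < first_time or second_time - first_time > PRESET_DURATION:
        return False
    return first_ip == second_ip
```

Binding the first check code to the user identifier and the originating IP, and bounding the gap between the two initiation times, is what limits replay of a captured code from another host or after the window has closed; the `now` parameter exists only so the time checks can be exercised deterministically.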
In summary, in the device for identifying illegal access requests to a website provided by the fourth embodiment of the present invention, a white list defines the legitimacy rules for access-link requests. When the server obtains an access request that a client initiates to the website, it loads the legitimacy rules defined by the white list, matches the link of the obtained access request against those rules, and preliminarily identifies from the matching result whether the obtained access request is legal. The scheme is simple to implement and identifies the legitimacy of an access request efficiently: the interceptor does not need to be loaded when the access request is legal, and is loaded for further verification only when the access request is preliminarily identified as illegal. This identifies the legitimacy of the access request accurately, loads the interceptor on demand, saves server resources, and improves the accuracy with which CSRF attacks are intercepted.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will appreciate that the invention is not limited to the specific embodiments described here; a person skilled in the art can make various obvious changes, readjustments and substitutions without departing from the scope of protection of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to them and may include other equivalent embodiments without departing from the inventive concept; the scope of the present invention is determined by the scope of the appended claims.
Claims (12)
1. A method for identifying an illegal access request to a website, characterised in that the method includes:
obtaining an access request that a client initiates to the website;
matching the link of the obtained access request against the legitimacy rules of a white list, and identifying, from the matching result, whether the obtained access request is legal.
2. The method of claim 1, characterised in that identifying, from the matching result, whether the obtained access request is legal includes:
when the link of the access request does not meet the set format rules, intercepting the access request;
when the link of the access request meets the set format rules, not intercepting the access request.
3. The method of claim 1, characterised in that the step of matching the link of the obtained access request against the legitimacy rules of the white list and identifying, from the matching result, whether the obtained access request is legal includes:
parsing the obtained access request to obtain the link of the access request;
matching the link of the access request against the legitimacy rules of the white list; if the match succeeds, determining that the obtained access request is legal, and if the match fails, determining that the obtained access request is illegal.
4. The method of claim 1, characterised in that the step of obtaining the access request that the client initiates to the website includes:
receiving a first resource request that the client initiates to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time;
generating a first check code from the user identifier, the first IP address and the first initiation time;
encrypting the first check code to obtain a second check code, and sending the second check code to the client;
receiving a second resource request that the client initiates to the website after decrypting the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.
5. The method of claim 4, characterised in that, after the step of matching the link of the obtained access request against the legitimacy rules of the white list and identifying, from the matching result, whether the obtained access request is legal, the method further includes:
if the obtained access request is identified as illegal, parsing the first check code to obtain the first IP address and the first initiation time;
if it is determined that the first IP address is legal, the first initiation time is legal, the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and the first IP address is identical to the second IP address, responding to the access request and returning response data to the client; otherwise, not responding to the access request and prompting the client that the obtained access request is illegal.
6. The method of any one of claims 1 to 4, characterised in that, after the step of matching the link of the obtained access request against the legitimacy rules of the white list and identifying, from the matching result, whether the obtained access request is legal, the method further includes:
if the obtained access request is identified as legal, responding to the access request and sending response data to the client.
7. A device for identifying an illegal access request to a website, characterised in that the device includes:
an access request acquisition module, configured to obtain an access request that a client initiates to the website;
an identification module, configured to match the link of the obtained access request against the legitimacy rules of a white list and to identify, from the matching result, whether the obtained access request is legal.
8. The device of claim 7, characterised in that identifying, from the matching result, whether the obtained access request is legal includes:
when the link of the access request does not meet the set format rules, intercepting the access request;
when the link of the access request meets the set format rules, not intercepting the access request.
9. The device of claim 7, characterised in that the identification module includes:
a link acquiring unit, configured to parse the obtained access request and obtain the link of the access request;
a matching unit, configured to match the link of the access request against the legitimacy rules of the white list; if the match succeeds, to determine that the obtained access request is legal, and if the match fails, to determine that the obtained access request is illegal.
10. The device of claim 7, characterised in that the access request acquisition module includes:
a first resource request receiving unit, configured to receive a first resource request that the client initiates to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time;
a first check code generation unit, configured to generate a first check code from the user identifier, the first IP address and the first initiation time;
an encryption unit, configured to encrypt the first check code to obtain a second check code, and to send the second check code to the client;
a second resource request receiving unit, configured to receive a second resource request that the client initiates to the website after decrypting the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.
11. The device of claim 10, characterised in that the device further includes:
an authentication module, configured, if the obtained access request is identified as illegal, to parse the first check code and obtain the first IP address and the first initiation time; if it is determined that the first IP address is legal, the first initiation time is legal, the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and the first IP address is identical to the second IP address, to respond to the access request and return response data to the client; otherwise, not to respond to the access request and to prompt the client that the obtained access request is illegal.
12. The device of any one of claims 7 to 10, characterised in that the device further includes:
a response data sending module, configured, if the obtained access request is identified as legal, to respond to the access request and send response data to the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710301078.0A CN107046544B (en) | 2017-05-02 | 2017-05-02 | Method and device for identifying illegal access request to website |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107046544A true CN107046544A (en) | 2017-08-15 |
CN107046544B CN107046544B (en) | 2020-09-29 |
Family
ID=59546940
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710301078.0A Active CN107046544B (en) | 2017-05-02 | 2017-05-02 | Method and device for identifying illegal access request to website |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107046544B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101789947A (en) * | 2010-02-21 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and firewall for preventing HTTP POST flooding attacks |
CN103442016A (en) * | 2013-09-05 | 2013-12-11 | 星云融创(北京)信息技术有限公司 | Method and system for pushing white list based on website fingerprint |
US20140096194A1 (en) * | 2010-12-30 | 2014-04-03 | Verisign, Inc. | Client-side active validation for mitigating ddos attacks |
CN104301302A (en) * | 2014-09-12 | 2015-01-21 | 深信服网络科技(深圳)有限公司 | Unauthorized attack detection method and device |
CN106549925A (en) * | 2015-09-23 | 2017-03-29 | 阿里巴巴集团控股有限公司 | Prevent method, the apparatus and system of cross-site request forgery |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108197467A (en) * | 2018-01-11 | 2018-06-22 | 郑州云海信息技术有限公司 | A kind of automated detection method and system of CSRF loopholes |
CN109218320A (en) * | 2018-09-25 | 2019-01-15 | 中国平安人寿保险股份有限公司 | Web-site links security verification method, device, computer equipment and storage medium |
CN109218320B (en) * | 2018-09-25 | 2022-09-09 | 中国平安人寿保险股份有限公司 | Website link security verification method and device, computer equipment and storage medium |
CN109743309A (en) * | 2018-12-28 | 2019-05-10 | 微梦创科网络科技(中国)有限公司 | A kind of illegal request recognition methods, device and electronic equipment |
CN109743309B (en) * | 2018-12-28 | 2021-09-10 | 微梦创科网络科技(中国)有限公司 | Illegal request identification method and device and electronic equipment |
CN109981600B (en) * | 2019-03-06 | 2021-08-17 | 山东信天辰信息安全技术有限公司 | Security assessment system for website reinforcement |
CN109981600A (en) * | 2019-03-06 | 2019-07-05 | 山东信天辰信息安全技术有限公司 | A kind of safety evaluation system that website reinforces |
CN110545269A (en) * | 2019-08-22 | 2019-12-06 | 西安四叶草信息技术有限公司 | Access control method, device and storage medium |
CN112637106A (en) * | 2019-09-24 | 2021-04-09 | 成都鼎桥通信技术有限公司 | Method and device for terminal to access website |
CN112637106B (en) * | 2019-09-24 | 2023-01-31 | 成都鼎桥通信技术有限公司 | Method and device for terminal to access website |
CN112350992A (en) * | 2020-09-28 | 2021-02-09 | 广东电力信息科技有限公司 | Safety protection method, device, equipment and storage medium based on web white list |
CN115208593A (en) * | 2021-03-26 | 2022-10-18 | 南宁富联富桂精密工业有限公司 | Security monitoring method, terminal and computer readable storage medium |
CN115208593B (en) * | 2021-03-26 | 2023-08-18 | 南宁富联富桂精密工业有限公司 | Security monitoring method, terminal and computer readable storage medium |
CN113660274A (en) * | 2021-08-18 | 2021-11-16 | 中国电信股份有限公司 | Website information processing method and device, storage medium and electronic equipment |
CN113660274B (en) * | 2021-08-18 | 2023-04-07 | 中国电信股份有限公司 | Website information processing method and device, storage medium and electronic equipment |
CN115021998A (en) * | 2022-05-27 | 2022-09-06 | 福建天晴数码有限公司 | Method and system for static resource double anti-stealing link |
CN115021998B (en) * | 2022-05-27 | 2023-08-11 | 福建天晴数码有限公司 | Method and system for dual anti-theft chain of static resources |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |