CN107360122A - Method and apparatus for preventing malicious requests - Google Patents
- Publication number
- CN107360122A
- Authority
- CN
- China
- Prior art keywords
- request
- mentioned
- default
- malicious requests
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This application discloses a method and apparatus for preventing malicious requests. One embodiment of the method includes: receiving a request sent by a terminal, where the request includes a code identifying the terminal; judging whether the request meets a preset determination condition for malicious requests, where the determination condition includes: since a preset time node, the number of processed requests that include the code exceeds a preset first count threshold; if so, determining that the request is a malicious request and rejecting it; if not, determining that the request is a non-malicious request and processing it. The embodiment solves the problem of malicious requests occupying server resources.
Description
Technical field
This application relates to the field of computer technology, specifically to the field of Internet technology, and in particular to a method and apparatus for preventing malicious requests.
Background
In the Internet field, servers handle a large number of requests every day. Some of these are malicious requests that occupy server resources. For example, when shopping websites or applications run activities such as panic buying or flash sales ("second kill"), some people use programs to grab purchases. This puts great pressure on the server and also seriously affects fairness and the purchasing experience of normal users.
Existing methods for preventing malicious requests mainly scan the server access log to count the number of accesses from each IP address. On the one hand, the statistical workload is very large, and limits are applied only after the periodic count has completed, so the response lags. On the other hand, many campus networks and office intranets share an IP address: if the threshold set for each IP is too large it has no limiting effect, and if it is too small it seriously affects users' normal requests.
Summary of the invention
The purpose of this application is to propose an improved method and apparatus for preventing malicious requests, to solve the technical problems mentioned in the background section above.
In a first aspect, this application provides a method for preventing malicious requests. The method includes: receiving a request sent by a terminal, where the request includes a code identifying the terminal; judging whether the request meets a preset determination condition for malicious requests, where the determination condition includes: since a preset time node, the number of processed requests that include the code exceeds a preset first count threshold; if so, determining that the request is a malicious request and rejecting the request; if not, determining that the request is a non-malicious request and processing the request.
In some embodiments, the request further includes the IP address of the terminal and the account information logged in on the terminal; and the preset determination condition further includes: the code differs from a check code, where the check code is obtained by encrypting the account information, the IP address and a preset key.
In some embodiments, the request further includes the IP address of the terminal; and the preset determination condition further includes: since the preset time node, the number of processed requests corresponding to the IP address exceeds a preset second count threshold.
In some embodiments, the number is obtained by querying a cache database; and processing the request further includes: adding 1 to the number stored in the cache database.
In some embodiments, the method further includes: periodically clearing the number stored in the cache database according to a preset time period.
In a second aspect, this application provides an apparatus for preventing malicious requests. The apparatus includes: a receiving unit, configured to receive a request sent by a terminal, where the request includes a code identifying the terminal; a judging unit, configured to judge whether the request meets a preset determination condition for malicious requests, where the determination condition includes: since a preset time node, the number of processed requests that include the code exceeds a preset first count threshold; a rejecting unit, configured to determine that the request is a malicious request and reject the request when the judging unit judges that the request meets the preset determination condition for malicious requests; and a processing unit, configured to determine that the request is a non-malicious request and process the request when the judging unit judges that the request does not meet the preset determination condition for malicious requests.
In some embodiments, the request further includes the IP address of the terminal and the account information logged in on the terminal; and the preset determination condition further includes: the code differs from a check code, where the check code is obtained by encrypting the account information, the IP address and a preset key.
In some embodiments, the request further includes the IP address of the terminal; and the preset determination condition further includes: since the preset time node, the number of processed requests corresponding to the IP address exceeds a preset second count threshold.
In some embodiments, the number is obtained by querying a cache database; and the processing unit is further configured to: add 1 to the number stored in the cache database.
In some embodiments, the apparatus further includes: a clearing unit, configured to periodically clear the number stored in the cache database according to a preset time period.
The method and apparatus for preventing malicious requests provided by this application receive a request that includes a code identifying the terminal, then judge whether the request meets the preset determination condition for malicious requests. If so, the request is determined to be a malicious request and is rejected; if not, the request is determined to be a non-malicious request and is processed. This effectively solves the problem of malicious requests occupying server resources.
Brief description of the drawings
Other features, objects and advantages will become more apparent from the detailed description of non-limiting embodiments given with reference to the following drawings:
Fig. 1 is a diagram of an exemplary system architecture to which this application can be applied;
Fig. 2 is a flowchart of one embodiment of the method for preventing malicious requests according to this application;
Fig. 3 is a schematic diagram of an application scenario of the method for preventing malicious requests according to this application;
Fig. 4 is a flowchart of another embodiment of the method for preventing malicious requests according to this application;
Fig. 5 is a structural diagram of one embodiment of the apparatus for preventing malicious requests according to this application;
Fig. 6 is a structural diagram of a computer system suitable for implementing the server of the embodiments of this application.
Detailed description
The application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the relevant invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention.
It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments can be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of the method or the apparatus for preventing malicious requests of this application can be applied.
As shown in Fig. 1, system architecture 100 may include terminal devices 101, 102, 103, a network 104 and a server 105. Network 104 is the medium that provides communication links between terminal devices 101, 102, 103 and server 105. Network 104 may include various connection types, such as wired or wireless communication links or fiber-optic cables.
Users can use terminal devices 101, 102, 103 to interact with server 105 over network 104, to receive or send messages and so on. Various client applications may be installed on terminal devices 101, 102, 103, such as mobile search applications, app store applications, map applications, web browsers, shopping applications, search applications, instant messaging tools, mailbox clients and social platform software.
Terminal devices 101, 102, 103 may be various electronic devices with a display screen, including but not limited to smartphones, tablet computers, laptop computers and desktop computers.
Server 105 may be a server providing various services, for example a server that receives the requests sent by terminal devices 101, 102, 103 and judges whether each request meets the preset determination condition for malicious requests.
It should be noted that the method for preventing malicious requests provided by the embodiments of this application is generally performed by server 105; correspondingly, the apparatus for preventing malicious requests is generally located in server 105.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only illustrative. There may be any number of terminal devices, networks and servers, as the implementation requires.
With continued reference to Fig. 2, it shows flow 200 of one embodiment of the method for preventing malicious requests according to this application. The method for preventing malicious requests includes the following steps:
Step 201: receive the request sent by the terminal.
In this embodiment, the electronic device on which the method for preventing malicious requests runs (for example the server shown in Fig. 1) may receive, over a wired or wireless connection, the request that the user sends through the terminal. The wireless connection may include, but is not limited to, 3G/4G, WiFi, Bluetooth, WiMAX, Zigbee and UWB (ultra wideband) connections, and other wireless connection types now known or developed in the future. As an example, the server may be an NGINX (engine x) server. An NGINX server is a high-performance HTTP (HyperText Transfer Protocol) server characterized by low memory usage and strong concurrency. Lua scripts can be used as the script development module for NGINX. Lua is a compact scripting language that can easily be called from C code and can in turn call C functions; among all current script engines, Lua is the fastest.
In this embodiment, the request includes a code identifying the terminal. The code is calculated by the client according to a preset rule. For example, the user account logged in on the terminal, the terminal's IP address and an encryption key may be combined and then hashed with Message-Digest Algorithm 5 (MD5). The combination may be direct concatenation of the component strings, or an operation such as addition.
Step 202: judge whether the request meets the preset determination condition for malicious requests; if so, go to step 203; if not, go to step 204.
In this embodiment, based on the request received from the terminal in step 201, the electronic device (for example the server shown in Fig. 1) can perform a query using the information carried in the request, to judge whether the request meets the preset determination condition for malicious requests. The determination condition includes: since a preset time node, the number of processed requests that include the code exceeds a preset first count threshold. The time node can be set as the situation requires. For example, to count the number of requests including the code that are processed each second, the time node can be the previous whole second; a whole second is analogous to an hour on the hour, and means a time point whose millisecond count is zero. The first count threshold can be the average number of requests processed per code since the preset time node, or it can be set directly, for example so that at most 3 requests including a given code are processed per second.
In some optional implementations of this embodiment, the request further includes the IP address of the terminal and the account information logged in on the terminal; and the preset determination condition further includes: the code differs from a check code, where the check code is obtained by the server encrypting the account information, the IP address and a preset key. The calculation rules for the check code and the code must be consistent. Judging whether the code is identical to the check code prevents users from maliciously forging the code. The account information logged in on the terminal may be the user account. Encrypting the account information, the IP address and the preset key may consist of combining the user account logged in on the terminal, the terminal's IP address and the encryption key, then computing the result with Message-Digest Algorithm 5 (MD5); the combination may be direct concatenation of the component strings, or an operation such as addition. MD5 is a hash function widely used in the field of computer security to provide message integrity protection. Its characteristics are: fixed-length output, resistance to modification, strong collision resistance, and ease of computation.
In some optional implementations of this embodiment, the request further includes the IP address of the terminal; and the preset determination condition further includes: since the preset time node, the number of processed requests corresponding to the IP address exceeds a preset second count threshold. Like the code, the IP address can also be used to monitor the number of processed requests. However, many campus networks and office LANs share an IP address: if the threshold set for each IP is too large it has no limiting effect, and if it is too small it seriously affects users' normal requests.
In some optional implementations of this embodiment, the number is obtained by querying a cache database; and processing the request further includes: adding 1 to the number stored in the cache database. The cache database may be a Redis database. Redis is an open-source, network-capable, log-structured key-value store that can run in memory and can also persist data, and it provides APIs (Application Programming Interfaces) for multiple languages.
In some optional implementations of this embodiment, the method further includes: periodically clearing the number stored in the cache database according to a preset time period. For example, the numbers stored in the cache database can be cleared once per second, so that the count data the server queries is per-second count data.
Step 203: determine that the request is a malicious request, and reject the request.
In this embodiment, after step 202 judges that the request meets the preset determination condition for malicious requests, the electronic device (for example the server shown in Fig. 1) can determine that the request is a malicious request and reject it. A malicious request typically means a request that a user forges programmatically. After rejecting the request, the server can send a message to the terminal to indicate that the terminal's requests are too frequent.
Step 204: determine that the request is a non-malicious request, and process the request.
In this embodiment, after step 202 judges that the request does not meet the preset determination condition for malicious requests, the electronic device (for example the server shown in Fig. 1) can determine that the request is a non-malicious request and process it. The request can also be forwarded to other business servers for processing. After the request is processed, 1 can also be added to the number of processed requests corresponding to the code or to the terminal's IP address.
With continued reference to Fig. 3, Fig. 3 is a schematic diagram of an application scenario of the method for preventing malicious requests according to this embodiment. In the application scenario of Fig. 3, the user submits a request to the server through a browser or client installed on the terminal. The request includes a code identifying the terminal, which can be named a tracking code (trackerID). Under normal circumstances the terminal calculates the trackerID according to a preset rule; for example, the user account, the terminal's IP address and an encryption key can be combined and the trackerID calculated from them with MD5. In this way each user has one trackerID, and each IP may have multiple trackerIDs.
After receiving the request, a front-end server, such as an NGINX server, reads the counts from a cache database, such as a Redis database. The cache database stores the access count of the IP address and the access count of the trackerID. The counts can be reset to 0 every 1 second, so that the counts in the cache database are per-second access counts. After reading the counts, the server judges whether the current request is malicious traffic, based on the following three rules: whether the access count read for the IP address exceeds the per-second threshold for that IP address; whether the access count read for the trackerID exceeds the per-second threshold for that trackerID; and whether the trackerID included in the request is the same as the trackerID calculated by the server. If the request trips any one of these three rules, it is considered malicious traffic.
If the request is not malicious traffic, the counter in the cache database is incremented by 1 and the request is forwarded to a back-end server for business processing; once business processing is complete, the result is returned to the terminal. If the request is malicious traffic, it is rejected directly. In this way a large volume of malicious traffic never reaches the back-end server, which significantly reduces the business processing load on the back-end server.
The method provided by the above embodiment of this application receives a request that includes a code identifying the terminal, then judges whether the request meets the preset determination condition for malicious requests; if so, the request is determined to be a malicious request and is rejected. This effectively solves the problem of malicious requests occupying server resources.
With further reference to Fig. 4, it shows flow 400 of another embodiment of the method for preventing malicious requests. Flow 400 of the method for preventing malicious requests includes the following steps:
Step 401: receive the request sent by the terminal.
In this embodiment, the electronic device on which the method for preventing malicious requests runs (for example the server shown in Fig. 1) can receive the request that the terminal sends over a wired or wireless connection. In this embodiment, the request includes a code identifying the terminal.
Step 402: judge whether, since the preset time node, the number of processed requests corresponding to the IP address exceeds the preset second count threshold; if so, go to step 405; if not, go to step 403.
In this embodiment, after receiving the request sent by the terminal in step 401, the electronic device (for example the server shown in Fig. 1) can use the terminal's IP address to query the cache database for the number of requests sent from that IP address that have been processed since the preset time node, and then judge whether the number found exceeds the preset second count threshold. Because the IP address is simple to obtain, it can assist in monitoring the number of processed requests. The server first judges whether the number of requests corresponding to the IP address exceeds the preset second count threshold; if so, it can determine directly that the request is a malicious request without making the subsequent judgments, which further reduces the load on the server.
Step 403: judge whether, since the preset time node, the number of processed requests that include the code exceeds the preset first count threshold; if so, go to step 405; if not, go to step 404.
In this embodiment, the electronic device (for example the server shown in Fig. 1) can use the code identifying the terminal that is included in the request to query the cache database for the number of requests including that code that have been processed since the preset time node, and then judge whether the number found exceeds the preset first count threshold.
Step 404: judge whether the code is identical to the check code; if so, go to step 406; if not, go to step 405.
Under normal circumstances, the electronic device (for example the server shown in Fig. 1) and the terminal calculate the code according to the same preset rule, so the codes they calculate should also be identical. For example, the user account, the terminal's IP address and an encryption key can be combined and the code calculated from them with the MD5 algorithm. Some users, however, behave maliciously and forge the code so that the server cannot look up their real access record. The server therefore needs to judge whether the code sent by the terminal is identical to the check code calculated by the server.
Step 405: determine that the request is a malicious request, and reject the request.
In this embodiment, when the judgment result of either step 402 or step 403 is yes, and/or the judgment result of step 404 is no, the electronic device (for example the server shown in Fig. 1) can determine that the request is a malicious request and reject it. A malicious request typically means a request that a user forges programmatically. After rejecting the request, the server can send a message to the terminal to indicate that requests are too frequent.
Step 406: determine that the request is a non-malicious request, and process the request.
In this embodiment, when the judgment results of step 402 and step 403 are no and the judgment result of step 404 is yes, the electronic device (for example the server shown in Fig. 1) can determine that the request is a non-malicious request and process it. The request can also be forwarded to other business servers for processing. After the request is processed, 1 can also be added to the number, stored in the cache database, of processed requests corresponding to the code or to the terminal's IP address. The numbers stored in the cache database can also be cleared periodically according to a preset time period.
As can be seen from Fig. 4, compared with the embodiment corresponding to Fig. 2, flow 400 of the method for preventing malicious requests in this embodiment adds step 403 of judging whether the code is identical to the check code, and step 404 of judging whether, since the preset time node, the number of processed requests corresponding to the IP address exceeds the preset second count threshold. The scheme described in this embodiment can therefore prevent malicious requests more comprehensively.
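The three checks of flow 400 (per-IP count, per-code count, then code against check code) can be exercised end to end as follows; this is an added example, not code from the patent. It assumes an in-memory stand-in for the cache database, a constructed key and IP threshold, hypothetical names (`Request`, `WindowCounters`, `decide`), and it swaps in HMAC-SHA-256 with a constant-time comparison for the page's MD5 over concatenated fields.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the page's preset key
CODE_LIMIT = 3    # first count threshold (the page's "at most 3 per second" example)
IP_LIMIT = 20     # second count threshold (constructed value for this demo)


@dataclass(frozen=True)
class Request:
    account: str      # account logged in on the terminal
    ip: str           # assumption: peer address as observed by the server
    tracker_id: str   # code sent by the terminal (trackerID on the page)


def check_code(account, ip, key=SECRET_KEY):
    """Server-side check code over account and IP (HMAC-SHA-256, swapped in for MD5)."""
    # The NUL separator keeps ("ab", "c") and ("a", "bc") from colliding.
    msg = account.encode() + b"\x00" + ip.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class WindowCounters:
    """In-memory stand-in for the cache database; counts are cleared each whole second."""

    def __init__(self):
        self._second = None
        self._counts = {}

    def _roll(self, now):
        second = int(now)
        if second != self._second:   # crossed a whole-second time node
            self._second = second
            self._counts.clear()

    def get(self, key, now):
        self._roll(now)
        return self._counts.get(key, 0)

    def incr(self, key, now):
        self._roll(now)
        self._counts[key] = self._counts.get(key, 0) + 1
        return self._counts[key]


def decide(req, counters, now):
    """Return (allowed, reason), checking in the order of steps 402, 403, 404."""
    ip_key = "ip:" + req.ip
    code_key = "code:" + req.tracker_id
    # Step 402: would this request push the per-IP count past the second threshold?
    if counters.get(ip_key, now) + 1 > IP_LIMIT:
        return False, "ip_rate"
    # Step 403: same test for the per-code count and the first threshold.
    if counters.get(code_key, now) + 1 > CODE_LIMIT:
        return False, "code_rate"
    # Step 404: a forged code does not match the server-computed check code.
    expected = check_code(req.account, req.ip)
    if not hmac.compare_digest(expected.encode(), req.tracker_id.encode()):
        return False, "bad_code"
    # Step 406: only processed requests are counted, as on the page.
    counters.incr(ip_key, now)
    counters.incr(code_key, now)
    return True, "ok"


def run_demo():
    """Constructed traffic: a burst from one user, the next second, and a forged code."""
    counters = WindowCounters()
    alice = Request("alice", "10.0.0.5", check_code("alice", "10.0.0.5"))
    burst = [decide(alice, counters, 100.0 + i * 0.1)[1] for i in range(5)]
    next_second = decide(alice, counters, 101.0)[1]
    forged = decide(Request("bob", "10.0.0.6", "0" * 64), counters, 101.2)[1]
    return burst, next_second, forged


if __name__ == "__main__":
    print(run_demo())
```

With a real shared cache the read and the increment should be a single atomic operation, otherwise concurrent requests can each read a count below the threshold and all be processed.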
With further reference to Fig. 5, as an implementation of the methods shown in the figures above, this application provides one embodiment of an apparatus for preventing malicious requests. The apparatus embodiment corresponds to the method embodiment shown in Fig. 2, and the apparatus can be applied in various electronic devices.
As shown in Fig. 5, the apparatus 500 for preventing malicious requests described in this embodiment includes: a receiving unit 501, a judging unit 502, a rejecting unit 503 and a processing unit 504. Receiving unit 501 is configured to receive a request sent by a terminal, where the request includes a code identifying the terminal. Judging unit 502 is configured to judge whether the request meets a preset determination condition for malicious requests, where the determination condition includes: since a preset time node, the number of processed requests that include the code exceeds a preset first count threshold. Rejecting unit 503 is configured to determine that the request is a malicious request and reject the request when the judging unit judges that the request meets the preset determination condition for malicious requests. Processing unit 504 is configured to determine that the request is a non-malicious request and process the request when the judging unit judges that the request does not meet the preset determination condition for malicious requests.
In this embodiment, for the specific processing of receiving unit 501, judging unit 502, rejecting unit 503 and processing unit 504 in the apparatus 500 for preventing malicious requests, see the descriptions of the implementations of step 201, step 202, step 203 and step 204 in the embodiment corresponding to Fig. 2, which are not repeated here.
In some optional implementations of this embodiment, the request further includes the IP address of the terminal and the account information logged in on the terminal; and the preset determination condition further includes: the code differs from a check code, where the check code is obtained by encrypting the account information, the IP address and a preset key.
In some optional implementations of this embodiment, the request further includes the IP address of the terminal; and the preset determination condition further includes: since the preset time node, the number of processed requests corresponding to the IP address exceeds a preset second count threshold.
In some optional implementations of this embodiment, the number is obtained by querying a cache database; and processing unit 504 is further configured to: add 1 to the number stored in the cache database.
In some optional implementations of this embodiment, the apparatus 500 for preventing malicious requests may also include: an emptying unit (not shown), configured to empty the data in the memory database after a preset valid cache time period. For the specific processing of the emptying unit, see the description of the implementation of step 202 in the embodiment corresponding to Fig. 2, which is not repeated here.
Referring now to Fig. 6, it shows a schematic structural diagram of a computer system 600 suitable for implementing a server of the embodiments of the present application.
As shown in Fig. 5, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 602 or a program loaded from a storage part 606 into a random access memory (RAM) 603. The RAM 603 also stores the various programs and data required for the operation of the system 600. The CPU 601, the ROM 602 and the RAM 603 are connected to one another by a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: a storage part 606 including a hard disk and the like; and a communication part 607 including a network interface card such as a LAN card, a modem and the like. The communication part 607 performs communication processing via a network such as the Internet. A driver 608 is also connected to the I/O interface 605 as needed. A removable medium 609, such as a magnetic disk, an optical disc, a magneto-optical disk, a semiconductor memory and the like, is mounted on the driver 608 as needed, so that a computer program read from it can be installed into the storage part 606 as needed.
In particular, according to embodiments of the present disclosure, the process described above with reference to the flowchart may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product, which includes a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication part 607, and/or installed from the removable medium 609. When the computer program is executed by the central processing unit (CPU) 601, the above-mentioned functions defined in the method of the present application are performed.
The flowcharts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present application may be implemented in software or in hardware. The described units may also be provided in a processor; for example, this may be described as: a processor including a receiving unit, a judging unit, a refusal unit and a processing unit. The names of these units do not, under certain circumstances, constitute a limitation on the units themselves; for example, the receiving unit may also be described as "a unit that receives a request sent by a terminal".
In another aspect, the present application further provides a non-volatile computer storage medium, which may be the non-volatile computer storage medium included in the device described in the above embodiments, or may be a non-volatile computer storage medium that exists on its own and is not assembled into a terminal. The non-volatile computer storage medium stores one or more programs which, when executed by a device, cause the device to: receive a request sent by a terminal, wherein the request includes a code for identifying the terminal; judge whether the request meets a preset determination condition for malicious requests, wherein the determination condition includes: counting from a preset time node, the number of processed requests including the code exceeds a preset first frequency threshold; if so, determine that the request is a malicious request and refuse the request; if not, determine that the request is a non-malicious request and process the request.
The above description is only the preferred embodiments of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the inventive concept, for example, technical solutions formed by replacing the above features with (but not limited to) technical features with similar functions disclosed in the present application.
Claims (10)
- 1. A method for preventing malicious requests, characterized in that the method comprises: receiving a request sent by a terminal, wherein the request includes a code for identifying the terminal; judging whether the request meets a preset determination condition for malicious requests, wherein the determination condition includes: counting from a preset time node, the number of processed requests including the code exceeds a preset first frequency threshold; if so, determining that the request is a malicious request, and refusing the request; if not, determining that the request is a non-malicious request, and processing the request.
- 2. The method according to claim 1, characterized in that the request further includes the IP address of the terminal and the account information with which the terminal is logged in; and the preset determination condition further includes: the code differs from a check code, wherein the check code is obtained by encrypting the account information, the IP address and a preset key.
- 3. The method according to claim 1, characterized in that the request further includes the IP address of the terminal; and the preset determination condition further includes: counting from a preset time node, the number of processed requests corresponding to the IP address exceeds a preset second frequency threshold.
- 4. The method according to any one of claims 1-3, characterized in that the number is obtained by querying a cache database; and the processing of the request further includes: adding 1 to the number stored in the cache database.
- 5. The method according to claim 4, characterized in that the method further comprises: periodically clearing, according to a preset time period, the number stored in the cache database.
- 6. A device for preventing malicious requests, characterized in that the device comprises: a receiving unit, configured to receive a request sent by a terminal, wherein the request includes a code for identifying the terminal; a judging unit, configured to judge whether the request meets a preset determination condition for malicious requests, wherein the determination condition includes: counting from a preset time node, the number of processed requests including the code exceeds a preset first frequency threshold; a refusal unit, configured to, when the judging unit judges that the request meets the preset determination condition for malicious requests, determine that the request is a malicious request and refuse the request; a processing unit, configured to, when the judging unit judges that the request does not meet the preset determination condition for malicious requests, determine that the request is a non-malicious request and process the request.
- 7. The device according to claim 6, characterized in that the request further includes the IP address of the terminal and the account information with which the terminal is logged in; and the preset determination condition further includes: the code differs from a check code, wherein the check code is obtained by encrypting the account information, the IP address and a preset key.
- 8. The device according to claim 6, characterized in that the request further includes the IP address of the terminal; and the preset determination condition further includes: counting from a preset time node, the number of processed requests corresponding to the IP address exceeds a preset second frequency threshold.
- 9. The device according to any one of claims 6-8, characterized in that the number is obtained by querying a cache database; and the processing unit is further configured to: add 1 to the number stored in the cache database.
- 10. The device according to claim 9, characterized in that the device further comprises: a clearing unit, configured to periodically clear, according to a preset time period, the number stored in the cache database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610306074.7A CN107360122B (en) | 2016-05-10 | 2016-05-10 | Method and device for preventing malicious request |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107360122A true CN107360122A (en) | 2017-11-17 |
CN107360122B CN107360122B (en) | 2020-11-03 |
Family
ID=60271172
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610306074.7A Active CN107360122B (en) | 2016-05-10 | 2016-05-10 | Method and device for preventing malicious request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107360122B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101035034A (en) * | 2007-04-02 | 2007-09-12 | 华为技术有限公司 | Method and device for detecting the message attack |
CN101203052A (en) * | 2007-12-24 | 2008-06-18 | 华为技术有限公司 | Method and apparatus for preventing malice business request |
CN103051633A (en) * | 2012-12-25 | 2013-04-17 | 华为技术有限公司 | Attack prevention method and equipment |
CN103957195A (en) * | 2014-04-04 | 2014-07-30 | 上海聚流软件科技有限公司 | DNS system and defense method and device for DNS attack |
CN105337966A (en) * | 2015-10-16 | 2016-02-17 | 中国联合网络通信集团有限公司 | Processing method for network attacks and device |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110120963A (en) * | 2018-02-06 | 2019-08-13 | 阿里巴巴集团控股有限公司 | A kind of data processing method, device, equipment and machine readable media |
CN109218387A (en) * | 2018-07-02 | 2019-01-15 | 佛山科学技术学院 | A kind of storage method of shared storage pool |
CN110545269A (en) * | 2019-08-22 | 2019-12-06 | 西安四叶草信息技术有限公司 | Access control method, device and storage medium |
CN111949857A (en) * | 2020-08-13 | 2020-11-17 | 中国民航信息网络股份有限公司 | Flight query request processing method and device and electronic equipment |
CN111949857B (en) * | 2020-08-13 | 2024-06-11 | 中国民航信息网络股份有限公司 | Flight query request processing method and device and electronic equipment |
CN112685782A (en) * | 2021-01-04 | 2021-04-20 | 浪潮云信息技术股份公司 | Distributed login control method and system realized based on cache database |
CN113794679A (en) * | 2021-08-02 | 2021-12-14 | 浪潮软件股份有限公司 | Method and system for preventing automatic script number robbing |
CN113794679B (en) * | 2021-08-02 | 2023-04-18 | 浪潮软件股份有限公司 | Method and system for preventing automatic script number robbing |
CN113724452A (en) * | 2021-08-26 | 2021-11-30 | 深圳市丰巢网络技术有限公司 | Letter and newspaper delivery authority management method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107360122B (en) | 2020-11-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107360122A (en) | The method and apparatus for preventing malicious requests | |
CN104219316B (en) | A kind of call request processing method and processing device in distributed system | |
US11399288B2 (en) | Method for HTTP-based access point fingerprint and classification using machine learning | |
CN107294982A (en) | Webpage back door detection method, device and computer-readable recording medium | |
US20160337387A1 (en) | Detecting web exploit kits by tree-based structural similarity search | |
CN104184832B (en) | Data submission method and device in network application | |
EP3697042A1 (en) | Traffic analysis method, public service traffic attribution method and corresponding computer system | |
CN107016074B (en) | Webpage loading method and device | |
CN111311136A (en) | Wind control decision method, computer equipment and storage medium | |
CN109104456A (en) | A kind of user tracking based on browser fingerprint and propagating statistics analysis method | |
US12015627B2 (en) | Webpage integrity monitoring | |
CN103810268B (en) | Search result recommendation information loading method, device and system and URL detection method, device and system | |
CN107124281A (en) | A kind of data security method and related system | |
WO2014094441A1 (en) | Virus detection method and device | |
KR20080052097A (en) | Harmful web site filtering method and apparatus using web structural information | |
CN108667770A (en) | A kind of loophole test method, server and the system of website | |
US8789177B1 (en) | Method and system for automatically obtaining web page content in the presence of redirects | |
Poggi et al. | Web customer modeling for automated session prioritization on high traffic sites | |
CN110572302B (en) | Diskless local area network scene identification method and device and terminal | |
Wu et al. | DAPter: Preventing user data abuse in deep learning inference services | |
US10420158B2 (en) | Method, system, and program product for improving quality of electronic communications | |
CN110472128A (en) | Webpage evidence collecting method, device, storage medium and server based on image recognition | |
de la Puerta et al. | Detecting malicious Android applications based on the network packets generated | |
CN103167554B (en) | Gateway flow constriction processing method and device, network service providing system | |
CN109831492A (en) | Access the method and device of OTT application, server push message |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||