CN108683631A - Method and system for preventing permission file scanning - Google Patents
- Publication number: CN108683631A
- Authority: CN (China)
- Prior art keywords: request, domain name, permission file, client, behavior
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
Abstract
The invention discloses a method and system for preventing the scanning of permission files. The method includes: Step 1, after a node server receives a client's request for the permission file of a domain name, determining whether the domain name exists in a pre-stored whitelist or blacklist; Step 2, if the domain name is in neither the pre-stored whitelist nor the blacklist, determining based on preset judgment rules whether the request is normal behavior, scanning behavior or unknown behavior; if it is normal behavior or unknown behavior, sending a pre-generated default permission file to the client; if it is scanning behavior, refusing the request. The method and system can distinguish customer business behavior, identifying which customer businesses need a permission file and which do not. Changed judgment rules are distributed through a network-wide information channel and take effect quickly, so the problem is solved without the customer noticing and the user experience is improved.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to a method and system for preventing the scanning of permission files.
Background art
In general, proxying a customer's website means additionally receiving the traffic generated when that website is scanned by attackers. In addition, some security scanning tools that rate websites specifically request particular files, namely special permission files such as crossdomain.xml and robot.txt. When these files do not exist on the customer's origin server, the server has to decide whether to provide the special file for the request.
On the one hand, for video websites and the like, the Flash player uses the crossdomain.xml file to confirm whether the requested resource is allowed; if the permission file cannot be obtained, the playback service fails completely. On the other hand, static pages and the like need no cross-domain access and therefore no cross-domain file. If the server provides a permission file by default in that case, it affects the website's score under some security scanning software, causes the website's security to be misjudged, increases the risk of using the website, and degrades the experience of using it.
Existing solutions for requests for these special permission files during a scan mainly either always provide the permission file or refuse such requests entirely. Handling every request the same way has obvious defects:
(1) Different business websites have completely opposite needs for the permission file, so both always allowing and always refusing affect the normal service of the website. For example, refusing affects the service, while not refusing affects the website's security rating.
(2) The particular characteristics of the requests are not summarized and generalized, so the similarities and differences between normal requests and scanners cannot be found, which affects recognition efficiency and business accuracy.
(3) When rules change, they are not distributed quickly enough. A rule updated on a single machine must be synchronized to the servers of the whole network within a very short time, and prior-art methods cannot modify rules in real time.
Therefore, a method and system for preventing the scanning of permission files is needed.
Summary of the invention
To solve the problems of permission file scanning in the prior art, a method and system for preventing the scanning of permission files is proposed.
According to one aspect of the invention, a method for preventing the scanning of permission files is provided. The method includes:
Step 1, after a node server receives a client's request for the permission file of a domain name, determining whether the domain name exists in a pre-stored whitelist or blacklist;
Step 2, if the domain name is in neither the pre-stored whitelist nor the blacklist, determining based on preset judgment rules whether the request is normal behavior, scanning behavior or unknown behavior; if it is normal behavior or unknown behavior, sending a pre-generated default permission file to the client; if it is scanning behavior, refusing the request.
Step 2 further includes:
If the request is judged to be unknown behavior, sending the request-related information to a central server after the default permission file has been sent to the client;
The central server determines, based on the request-related information, whether the request is normal behavior or scanning behavior.
The central server determining, based on the request-related information, whether the request is normal behavior or scanning behavior includes:
Obtaining the header information of the request from the request-related information;
Determining from the header information whether the request is normal behavior or scanning behavior; if it is judged to be normal behavior, adding the domain name corresponding to the request to the whitelist; if it is judged to be scanning behavior, adding the domain name corresponding to the request to the blacklist;
Distributing the whitelist and the blacklist to the node servers.
Step 2 further includes:
If the domain name is in the whitelist, sending the pre-generated default permission file to the client;
If the domain name is in the blacklist, refusing the request.
The method further includes, executed before step 2:
Generating the default permission file.
Step 1 further includes, executed after the request is received and before determining whether the domain name exists in the whitelist or the blacklist:
Determining whether the permission file exists on the node server; if it does, sending the permission file to the client; if it does not, querying whether the origin server of the domain name has the permission file; if it has, obtaining the permission file from the origin server and sending it to the client; if it has not, determining whether the domain name exists in the pre-stored whitelist or blacklist.
According to another aspect of the invention, a system for preventing the scanning of permission files is also provided. The system includes a node server, and the node server includes:
A receiving module, for receiving a client's request for the permission file of a domain name;
A first judgment module, for determining whether the domain name exists in a pre-stored whitelist or blacklist and, if the domain name is in neither, determining based on preset judgment rules whether the request is normal behavior, scanning behavior or unknown behavior;
A first execution module, for sending a pre-generated default permission file to the client when the request is judged to be normal behavior or unknown behavior, and refusing the request when it is judged to be scanning behavior.
The first execution module is further used, when the request is judged to be unknown behavior, to send the request-related information to a central server after the default permission file has been sent to the client;
The system further includes the central server, which includes a second judgment module for determining, based on the request-related information, whether the request is normal behavior or scanning behavior.
The central server further includes an acquisition module and a second execution module:
The acquisition module is used to obtain the header information of the request from the request-related information;
The second judgment module is used to determine from the header information whether the request is normal behavior or scanning behavior;
The second execution module is used to add the domain name corresponding to the request to the whitelist when the request is judged to be normal behavior, to add it to the blacklist when the request is judged to be scanning behavior, and to distribute the whitelist and the blacklist to the node servers.
The first execution module is further used to:
Send the pre-generated default permission file to the client if the domain name is in the whitelist;
Refuse the request if the domain name is in the blacklist.
The node server further includes:
A generation module, for generating the default permission file before the pre-generated default permission file is sent to the client.
The first judgment module is further used, after the request is received and before determining whether the domain name exists in the whitelist or the blacklist, to determine whether the permission file exists on the node server;
The first execution module is further used to send the permission file to the client if it exists and, if it does not, to query whether the origin server of the domain name has the permission file and, if it has, to obtain the permission file from the origin server and send it to the client.
The method and system for preventing the scanning of permission files in the present invention have the following beneficial effects:
(1) Customer business behavior is distinguished, identifying which customer businesses need a permission file and which do not.
(2) The recognition rate for the specific request behavior reaches 95% or more, and with data training it can go higher.
(3) To cope with a changeable real-world business environment, rules are modified in real time and compared with real website security scan data; possible new judgment rules are found through data analysis to match customer business behavior.
(4) When rules or lists change, they are distributed through the network-wide information channel and take effect quickly, so the problem is solved without the customer noticing and the user experience is improved.
Brief description of the drawings
The accompanying drawings, which form part of the present invention, provide a further understanding of the invention. The illustrative embodiments of the invention and their description explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the method for preventing the scanning of permission files according to the present invention;
Fig. 2 is a module diagram of the system for preventing the scanning of permission files according to the present invention.
Detailed description
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the drawings. The described embodiments are some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative work fall within the protection scope of the invention. Where there is no conflict, the embodiments of this application and the features in them may be combined with one another arbitrarily.
The present invention provides a method for preventing the scanning of permission files. As shown in Fig. 1, the method includes:
Step 101, after a node server receives a client's request for the permission file of a domain name, determining whether the domain name exists in a pre-stored whitelist or blacklist;
Step 102, if the domain name is in neither the pre-stored whitelist nor the blacklist, determining based on preset judgment rules whether the request is normal behavior, scanning behavior or unknown behavior; if it is normal behavior or unknown behavior, sending a pre-generated default permission file to the client; if it is scanning behavior, refusing the request.
The preset judgment rules are stored on the node server in advance. They may be distributed by the central server or by other servers. They consist of header features of request messages together with the corresponding attribute, normal behavior or scanning behavior, so that the header information in a request message can be judged as normal behavior or scanning behavior according to these header features.
Note that when the request is judged to be unknown behavior, the default permission file is still sent to the client. This keeps the response to the client fast and avoids affecting service by refusing outright or by not responding for a long time.
In step 101, if the domain name is in the whitelist, the pre-generated default permission file is sent to the client; if the domain name is in the blacklist, the request is refused.
When the node server is running, the whitelist and blacklist can be loaded into the server's memory to improve response speed. If the domain name is in the whitelist, the default permission file is returned. This file is generated by the node server from known conditions, using a strategy based on the business situation; for how to generate the default permission file, refer to the relevant prior art, which is not repeated here. If the domain name is in the blacklist, the request is refused, for example by returning the raw data of the origin server's response (4XX, 5XX status code).
Step 101 further includes, executed after the request is received and before determining whether the domain name exists in the whitelist or the blacklist: determining whether the permission file exists on the node server; if it does, sending the permission file to the client; if it does not, querying whether the origin server of the domain name has the permission file; if it has, obtaining the permission file from the origin server and sending it to the client; if it has not, determining whether the domain name exists in the pre-stored whitelist or blacklist.
After receiving a client's request for a permission file, the node server checks whether it holds a local cached copy of the permission file. If it does, the file is sent directly to the client; if not, the node server goes back to the origin server to pull the permission file. If the origin server has the permission file, it is provided directly; if not, the origin server responds with the corresponding 4XX or 5XX status code, and the node server determines whether the domain name exists in the whitelist or blacklist.
Here, if such a cached file exists on the node server, it shows that a request for the domain name was previously verified as normal behavior, so the file can be sent directly. In addition, if the origin server has the permission file, the website is considered to have business that uses the permission file and to have taken certain precautions. In view of these two points, before judging the domain name, the node server can first check locally and first try to obtain the permission file from the origin server.
In step 102, if the request is judged to be unknown behavior, the request-related information is sent to the central server after the default permission file has been sent to the client; the central server determines, based on the request-related information, whether the request is normal behavior or scanning behavior.
If the node server judges the request to be unknown behavior, that is, it cannot determine whether the request is normal behavior or scanning behavior, the central server must analyze the request specifically to decide which it is. The central server makes this judgment from the request-related information sent by the node server. This request-related information may be, for example, the request message. Through this step the unknown behavior can be determined to be normal behavior or scanning behavior, which supplements the behavior judgment rules with new content and adds the domain name associated with the unknown behavior to the blacklist or whitelist.
Further, the central server determining, based on the request-related information, whether the request is normal behavior or scanning behavior includes:
Obtaining the header information of the request from the request-related information;
Determining from the header information whether the request is normal behavior or scanning behavior; if it is judged to be normal behavior, adding the domain name corresponding to the request to the whitelist; if it is judged to be scanning behavior, adding the domain name corresponding to the request to the blacklist;
Distributing the whitelist and the blacklist to the node servers.
The behavior analysis here is performed by a data analysis system, which may be located on the central server or on one of the other servers mentioned above. When the data analysis system is on another server, the central server sends the request-related information to it for analysis, obtains the analysis result from it, updates the blacklist and whitelist, and distributes the updated lists to each node server.
Monitoring software on the central server can listen on a special interface and asynchronously receive data from the node servers of the whole network. In addition, the central server determines the blacklist and whitelist data and the unknown domain names, adds the domain names that have been determined to belong to a list to that list, and synchronously distributes the updated lists to each node server for use in local judgment.
Therefore, the role of the central server is as follows:
(1) It aggregates the data of the distributed cluster so that the data analysis system can analyze it further;
(2) Through the internal information channel, it distributes the blacklist and whitelist to each node server within seconds, solving the problem of fast network-wide synchronization;
(3) It obtains the analysis results of the data analysis system, such as the blacklist and whitelist and the scanning-behavior judgment rules, and distributes them to the node servers of the whole network.
The analysis process of the data analysis system is described in detail below:
(a) After the data analysis system receives the header information of the request, it creates security scan tasks for the domain name corresponding to the request on well-known sites such as Baidu and 360, obtains the header features of such scan tasks, and adds these header features to the header feature database.
(b) It receives the unknown-domain data and the security-vendor scanning-behavior data sent by the central server. Step (a) creates security scan tasks only on well-known sites such as Baidu and 360, but scans from unknown or less-known vendors, such as Topsec and Sangfor, may also exist. The scanning-behavior data of these other security vendors, that is, the header features of their scan tasks, therefore also has to be obtained and added to the header feature database.
(c) The request message data is sorted. A filter removes from the unknown-domain data and the scan data the header information that cannot be used for judgment, such as Host (the requested domain name) and client-ip (the client IP). It also removes headers for which a rule is already confirmed and known, such as judgment by referer (the header that indicates the source of the request): referer: xxx.swf indicates that the request comes from a swf player site, such as http://www.cutv.com/demo/live_test.swf.
(d) The header information that remains after removing the headers that cannot be used for judgment and the headers with confirmed known rules is passed to a comparator, that is, compared with the header features in the header feature database, to determine whether the request is scanning behavior or normal behavior. The domain name corresponding to the request is added to the blacklist or the whitelist accordingly.
(e) The updated blacklist, whitelist and header feature database are output.
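Steps (c) to (e) as a short sketch; this is an added example, not code from the patent. The feature database entries, the helper names and the sample requests are constructed for illustration, and treating a `.swf` Referer as normal behavior is an assumption drawn from the Flash player discussion in the background section.

```python
from urllib.parse import urlparse

# Step (c): headers that identify the request rather than its behavior.
EXCLUDED = {"host", "client-ip"}

# Steps (a)/(b): header feature database of known scan tasks.
# Each feature maps a header name to a substring; all entries are constructed.
FEATURE_DB = [
    {"user-agent": "examplescanner"},
    {"user-agent": "python-requests", "accept": "*/*"},
]

def normalise(headers):
    """Lower-case header names so lookups are case-insensitive."""
    return {k.strip().lower(): v.strip() for k, v in headers.items()}

def known_rule_verdict(headers):
    """Step (c): a confirmed rule decides directly, without the comparator.
    Assumption: a Referer whose path ends in .swf is a Flash player (normal)."""
    referer = headers.get("referer", "")
    if urlparse(referer).path.lower().endswith(".swf"):
        return "normal"
    return None

def screen(headers):
    """Step (c): drop headers unusable for judgment or already covered by a rule."""
    return {k: v for k, v in headers.items()
            if k not in EXCLUDED and k != "referer"}

def matches(feature, headers):
    """Step (d): a feature matches when every substring occurs in its header."""
    return bool(feature) and all(
        needle in headers.get(name, "").lower()
        for name, needle in feature.items())

def analyse(raw_headers, whitelist, blacklist, feature_db=FEATURE_DB):
    """Steps (c)-(e): return the verdict and update the lists in place."""
    headers = normalise(raw_headers)
    domain = headers.get("host", "").lower()
    if not domain:
        raise ValueError("request has no Host header, cannot list a domain")
    verdict = known_rule_verdict(headers)
    if verdict is None:
        remaining = screen(headers)
        hit = any(matches(f, remaining) for f in feature_db)
        verdict = "scan" if hit else "normal"
    (blacklist if verdict == "scan" else whitelist).add(domain)
    return verdict

if __name__ == "__main__":
    wl, bl = set(), set()
    # Constructed sample requests reported by node servers as unknown behavior.
    samples = [
        {"Host": "static.example.com", "Client-IP": "203.0.113.7",
         "User-Agent": "ExampleScanner/1.0"},
        {"Host": "video.example.com", "User-Agent": "Mozilla/5.0",
         "Referer": "http://www.cutv.com/demo/live_test.swf"},
    ]
    for s in samples:
        print(s["Host"], analyse(s, wl, bl))
    print("whitelist:", wl, "blacklist:", bl)
```

Every header that reaches the comparator is supplied by the client, so a request that matches no feature is listed as normal; the quality of the feature database decides how often that default is wrong.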
The method further includes, executed before step 102: generating the default permission file.
A specific embodiment of the invention is described in detail below. It includes the following steps:
Step 1, the node server receives a request for the permission file of the domain name www.123.com and checks whether it holds a local cached copy of the permission file. If it does, the file is sent directly to the client that made the request. If not, the node server queries whether the origin server has the permission file. If the origin server has it, the permission file is obtained from the origin server and sent to the client; if the origin server does not have it, the node server receives a 4XX or 5XX status code from the origin server and executes the next step.
Step 2, the domain name www.123.com is compared with the whitelist and blacklist stored on the node server to determine whether the domain name is in the whitelist or the blacklist. If it is in the whitelist, the default permission file pre-generated from known conditions is returned; if it is in the blacklist, the 4XX or 5XX status code received from the origin server is returned; if it is in neither the whitelist nor the blacklist, the next step is executed.
Step 3, the preset behavior rules stored on the node server are used to determine whether this request for the permission file is normal behavior, scanning behavior or unknown behavior. If it is normal behavior, the default permission file is sent to the client, the domain name is added to the whitelist, and the updated whitelist is synchronized to the central server, which then distributes the updated whitelist to each node server. If it is scanning behavior, the 4XX or 5XX status code received from the origin server is returned, the domain name is added to the blacklist, and the updated blacklist is synchronized to the central server, which then distributes the updated blacklist to each node server through the internal information channel. If it is unknown behavior, the default permission file is likewise returned and the next step is executed.
Step 4, the information related to the request is sent to the central server.
Step 5, the central server extracts the header information of the request from the request-related information and compares it with the stored header feature database of known scanning behaviors. If the header information is consistent with the header features of a scanning behavior, the request is determined to be scanning behavior and the domain name is added to the blacklist. If it is inconsistent, the request is determined to be normal behavior, the domain name is added to the whitelist, and the header information in the request message of the unknown behavior is added to the header feature database.
Step 6, the central server distributes the updated whitelist, blacklist and header feature database to each node server through the internal information channel.
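The node-server side of steps 1 to 4 as a sketch; this is an added example, not code from the patent. The class, the `outbox` queue standing in for the link to the central server, the sample rule, the sample origin and the placeholder file body are all hypothetical.

```python
from dataclasses import dataclass, field

# Placeholder body; the patent leaves generation of the default file to prior art.
DEFAULT_FILE = b"<!-- pre-generated default permission file (placeholder) -->"

def sample_rule(headers):
    """Constructed local judgment rule: 'normal', 'scan' or 'unknown'."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    if "examplescanner" in h.get("user-agent", ""):
        return "scan"
    if h.get("referer", "").endswith(".swf"):
        return "normal"
    return "unknown"

def sample_origin(domain, path):
    """Constructed origin server: only has-file.example holds the file."""
    if domain == "has-file.example":
        return 200, b"origin permission file"
    return 404, b""

@dataclass
class NodeServer:
    cache: dict = field(default_factory=dict)      # (domain, path) -> body
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    outbox: list = field(default_factory=list)     # messages for the central server

    def handle(self, domain, path, headers,
               origin=sample_origin, rule=sample_rule):
        """Return (status, body, reason) for one permission file request."""
        # Step 1: local cache first, then the origin server.
        key = (domain, path)
        if key in self.cache:
            return 200, self.cache[key], "cache"
        status, body = origin(domain, path)
        if status == 200:
            return 200, body, "origin"
        # Step 2: the origin answered 4XX/5XX, consult the lists.
        if domain in self.whitelist:
            return 200, DEFAULT_FILE, "whitelist"
        if domain in self.blacklist:
            return status, b"", "blacklist"
        # Step 3: local judgment rule; list updates are synced to the centre.
        verdict = rule(headers)
        if verdict == "scan":
            self.blacklist.add(domain)
            self.outbox.append(("blacklist", domain))
            return status, b"", "rule:scan"
        if verdict == "normal":
            self.whitelist.add(domain)
            self.outbox.append(("whitelist", domain))
            return 200, DEFAULT_FILE, "rule:normal"
        # Unknown: answer first to keep latency low, then report (step 4).
        self.outbox.append(("unknown", {"domain": domain, "path": path,
                                        "headers": dict(headers)}))
        return 200, DEFAULT_FILE, "unknown"

if __name__ == "__main__":
    node = NodeServer()
    # Constructed requests; www.123.com is the domain used in the embodiment.
    for dom, hdrs in [
        ("has-file.example", {}),
        ("www.123.com", {"User-Agent": "ExampleScanner/1.0"}),
        ("www.123.com", {"User-Agent": "Mozilla/5.0"}),
        ("new.example", {"User-Agent": "Mozilla/5.0"}),
    ]:
        status, _, reason = node.handle(dom, "/crossdomain.xml", hdrs)
        print(dom, status, reason)
```

The third sample request shows a consequence of listing by domain: once one request for www.123.com is judged a scan, later requests for that domain are refused from the blacklist whatever their headers.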
The present invention also provides a system for preventing the scanning of permission files. As shown in Fig. 2, the system includes a node server, and the node server includes:
A receiving module 201, for receiving a client's request for the permission file of a domain name;
A first judgment module 202, for determining whether the domain name exists in a pre-stored whitelist or blacklist and, if the domain name is in neither, determining based on preset judgment rules whether the request is normal behavior, scanning behavior or unknown behavior;
A first execution module 203, for sending a pre-generated default permission file to the client when the request is judged to be normal behavior or unknown behavior, and refusing the request when it is judged to be scanning behavior.
The first execution module is further used, when the request is judged to be unknown behavior, to send the request-related information to a central server after the default permission file has been sent to the client;
The system further includes the central server, which includes a second judgment module for determining, based on the request-related information, whether the request is normal behavior or scanning behavior.
The central server further includes an acquisition module and a second execution module:
The acquisition module is used to obtain the header information of the request from the request-related information;
The second judgment module is used to determine from the header information whether the request is normal behavior or scanning behavior;
The second execution module is used to add the domain name corresponding to the request to the whitelist when the request is judged to be normal behavior, to add it to the blacklist when the request is judged to be scanning behavior, and to distribute the whitelist and the blacklist to the node servers.
The first execution module is further used to:
Send the pre-generated default permission file to the client if the domain name is in the whitelist;
Refuse the request if the domain name is in the blacklist.
The node server further includes:
A generation module, for generating the default permission file before the pre-generated default permission file is sent to the client.
The first judgment module is further used, after the request is received and before determining whether the domain name exists in the whitelist or the blacklist, to determine whether the permission file exists on the node server;
The first execution module is further used to send the permission file to the client if it exists and, if it does not, to query whether the origin server of the domain name has the permission file and, if it has, to obtain the permission file from the origin server and send it to the client.
The method and system for preventing the scanning of permission files in the present invention are applicable to various network and system architectures and have the following beneficial effects:
(1) Customer business behavior is distinguished, identifying which customer businesses need a permission file and which do not.
(2) The recognition rate for the specific request behavior reaches 95% or more, and with data training it can go higher.
(3) To cope with a changeable real-world business environment, rules are modified in real time and compared with real website security scan data; possible new judgment rules are found through data analysis to match customer business behavior.
(4) When rules or lists change, they are distributed through the network-wide information channel and take effect quickly, so the problem is solved without the customer noticing and the user experience is improved.
The content described above can be implemented individually or combined in various ways, and all such variants fall within the protection scope of the present invention.
It should be noted that, herein, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that an article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the article or device that includes the element.
The above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it, and the invention has been described in detail with reference only to preferred embodiments. Those of ordinary skill in the art should understand that the technical solution of the invention may be modified or equivalently replaced without departing from its spirit and scope, and all such changes shall be covered by the claims of the invention.
Those of ordinary skill in the art will understand that all or some of the steps in the methods disclosed above, and the functional modules/units in the systems and devices, may be implemented as software, firmware, hardware and appropriate combinations of them. In a hardware implementation, the division between the functional modules/units mentioned in the description above does not necessarily correspond to the division of physical components; for example, one physical component may have several functions, or one function or step may be performed by several physical components in cooperation. Some or all components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. In addition, as is known to those of ordinary skill in the art, communication media usually contain computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Claims (12)
1. A method for preventing scanning of an authority file, characterized in that the method comprises:
Step 1: after a node server receives a client's request for the authority file of a domain name, judging whether the domain name is present in a pre-stored whitelist or blacklist;
Step 2: if the domain name is judged not to be present in the pre-stored whitelist or blacklist, judging, based on a preset judgment rule, whether the request is normal behavior, scanning behavior or unknown behavior; if it is normal behavior or unknown behavior, sending a pre-generated default authority file to the client; if it is scanning behavior, rejecting the request.
2. The method of claim 1, characterized in that step 2 further comprises:
if the request is judged to be unknown behavior, then, after sending the default authority file to the client, sending the request-related information to a central server;
the central server judging, based on the request-related information, whether the request is normal behavior or scanning behavior.
3. The method of claim 2, characterized in that the central server judging, based on the request-related information, whether the request is normal behavior or scanning behavior comprises:
obtaining the header information of the request based on the request-related information;
judging, based on the header information, whether the request is normal behavior or scanning behavior; if it is judged to be normal behavior, adding the domain name corresponding to the request to the whitelist; if it is judged to be scanning behavior, adding the domain name corresponding to the request to the blacklist;
issuing the whitelist and the blacklist to the node server.
4. The method of claim 1, characterized in that step 2 further comprises:
if the domain name is judged to be present in the whitelist, sending the pre-generated default authority file to the client;
if the domain name is judged to be present in the blacklist, rejecting the request.
5. The method of claim 1 or 4, characterized in that the method further comprises, performed before step 2:
generating the default authority file.
6. The method of claim 1, characterized in that step 1 further comprises, performed after the request is received and before judging whether the domain name is present in the whitelist or the blacklist:
judging whether the authority file exists on the node server; if so, sending the authority file to the client; if not, querying whether the origin site of the domain name has the authority file; if so, obtaining the authority file from the origin site and sending it to the client; if not, judging whether the domain name is present in the pre-stored whitelist or blacklist.
7. A system for preventing scanning of an authority file, characterized in that the system comprises a node server, the node server comprising:
a receiving module, configured to receive a client's request for the authority file of a domain name;
a first judgment module, configured to judge whether the domain name is present in a pre-stored whitelist or blacklist and, if the domain name is judged not to be present in the pre-stored whitelist or blacklist, to judge, based on a preset judgment rule, whether the request is normal behavior, scanning behavior or unknown behavior;
a first execution module, configured to send a pre-generated default authority file to the client when the request is judged to be normal behavior or unknown behavior, and to reject the request when it is judged to be scanning behavior.
8. The system of claim 7, characterized in that
the first execution module is further configured, when the request is judged to be unknown behavior, to send the request-related information to a central server after sending the default authority file to the client;
the system further comprises the central server, the central server comprising a second judgment module configured to judge, based on the request-related information, whether the request is normal behavior or scanning behavior.
9. The system of claim 8, characterized in that the central server further comprises an acquisition module and a second execution module:
the acquisition module is configured to obtain the header information of the request based on the request-related information;
the second judgment module is configured to judge, based on the header information, whether the request is normal behavior or scanning behavior;
the second execution module is configured to add the domain name corresponding to the request to the whitelist when the request is judged to be normal behavior, to add the domain name corresponding to the request to the blacklist when the request is judged to be scanning behavior, and to issue the whitelist and the blacklist to the node server.
10. The system of claim 7, characterized in that the first execution module is further configured to:
send the pre-generated default authority file to the client if the domain name is judged to be present in the whitelist;
reject the request if the domain name is judged to be present in the blacklist.
11. The system of claim 7 or 10, characterized in that the node server further comprises:
a generation module, configured to generate the default authority file before the pre-generated default authority file is sent to the client.
12. The system of claim 7, characterized in that
the first judgment module is further configured, after the request is received and before judging whether the domain name is present in the whitelist or the blacklist, to judge whether the authority file exists on the node server;
the first execution module is further configured to send the authority file to the client if the authority file exists and, if it does not exist, to query whether the origin site of the domain name has the authority file and, if so, to obtain the authority file from the origin site and send it to the client.
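The decision flow of claims 1 to 6 (mirrored by system claims 7 to 12), as an added example that is not part of the patent. The two rule functions and their header heuristics are hypothetical stand-ins, since the claims do not define the preset judgment rule; the dictionaries stand in for the node's file store and the origin-site query, and the lists are keyed by domain name as claimed.

```python
from dataclasses import dataclass, field
NORMAL, SCAN, UNKNOWN = "normal", "scan", "unknown"
DEFAULT_FILE = "<default authority file>"  # constructed placeholder content

def node_rule(headers):
    """Hypothetical preset judgment rule; the claims do not define one."""
    if not headers.get("User-Agent"):
        return SCAN
    return NORMAL if headers.get("Referer") else UNKNOWN

def central_rule(headers):
    """Hypothetical header-based verdict on the central server (claim 3)."""
    return NORMAL if "Mozilla" in headers.get("User-Agent", "") else SCAN

@dataclass
class Central:
    nodes: list = field(default_factory=list)
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)

    def report(self, domain, headers):
        # Claim 3: judge from the headers, update one list, issue both lists to the nodes.
        target = self.whitelist if central_rule(headers) == NORMAL else self.blacklist
        target.add(domain)
        for node in self.nodes:
            node.whitelist, node.blacklist = set(self.whitelist), set(self.blacklist)

@dataclass
class Node:
    central: Central
    local_files: dict = field(default_factory=dict)   # files already on the node
    origin_files: dict = field(default_factory=dict)  # stands in for the origin-site query
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)

    def __post_init__(self):
        self.central.nodes.append(self)

    def handle(self, domain, headers):
        """Return the file body to send, or None when the request is rejected."""
        # Claim 6: a file on the node or at the origin site is served before any list check.
        for store in (self.local_files, self.origin_files):
            if domain in store:
                return store[domain]
        if domain in self.whitelist:  # claim 4: listed domains skip the rule
            return DEFAULT_FILE
        if domain in self.blacklist:
            return None
        verdict = node_rule(headers)  # claim 1, step 2
        if verdict == SCAN:
            return None
        if verdict == UNKNOWN:  # claim 2: this reply is still the default file
            self.central.report(domain, headers)
        return DEFAULT_FILE
```

Because an unknown request is answered before the central verdict arrives, the verdict only changes how later requests for the same domain are handled.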
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810294217.6A CN108683631B (en) | 2018-03-30 | 2018-03-30 | Method and system for preventing scanning of authority file |
CN201911117164.1A CN110830496B (en) | 2018-03-30 | 2018-03-30 | Using method and operation method of system for preventing scanning authority file |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810294217.6A CN108683631B (en) | 2018-03-30 | 2018-03-30 | Method and system for preventing scanning of authority file |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911117164.1A Division CN110830496B (en) | 2018-03-30 | 2018-03-30 | Using method and operation method of system for preventing scanning authority file |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108683631A (en) | 2018-10-19 |
CN108683631B (en) | 2019-12-20 |
Family
ID=63800265
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810294217.6A Active CN108683631B (en) | 2018-03-30 | 2018-03-30 | Method and system for preventing scanning of authority file |
CN201911117164.1A Active CN110830496B (en) | 2018-03-30 | 2018-03-30 | Using method and operation method of system for preventing scanning authority file |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911117164.1A Active CN110830496B (en) | 2018-03-30 | 2018-03-30 | Using method and operation method of system for preventing scanning authority file |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN108683631B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109617996A (en) * | 2019-01-04 | 2019-04-12 | 平安科技(深圳)有限公司 | File uploads and method for down loading, server and computer readable storage medium |
CN110674499A (en) * | 2019-08-27 | 2020-01-10 | 成都网思科平科技有限公司 | Method, device and storage medium for identifying computer threat |
CN111181911A (en) * | 2019-08-23 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Method, server, equipment and medium for protecting password blasting attack |
CN112637171A (en) * | 2020-12-15 | 2021-04-09 | 微医云(杭州)控股有限公司 | Data traffic processing method, device, equipment, system and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101437314A (en) * | 2008-12-19 | 2009-05-20 | 深圳华为通信技术有限公司 | Method for automatically using network document, mobile terminal and customer equipment |
CN101561814A (en) * | 2009-05-08 | 2009-10-21 | 华中科技大学 | Topic crawler system based on social labels |
US20140189069A1 (en) * | 2012-12-27 | 2014-07-03 | Akamai Technologies Inc. | Mechanism for distinguishing between content to be served through first or second delivery channels |
CN103944757A (en) * | 2014-04-11 | 2014-07-23 | 珠海市君天电子科技有限公司 | Network anomaly detecting method and device |
CN105141621A (en) * | 2015-09-16 | 2015-12-09 | 北京星网锐捷网络技术有限公司 | Network access monitoring method and device |
CN107634959A (en) * | 2017-09-30 | 2018-01-26 | 北京奇虎科技有限公司 | Means of defence, apparatus and system based on automobile |
CN107846480A (en) * | 2016-09-19 | 2018-03-27 | 贵州白山云科技有限公司 | NXDOMAIN response bag treating method and apparatus |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102957694B (en) * | 2012-10-25 | 2016-08-31 | 北京奇虎科技有限公司 | A kind of method and device judging fishing website |
US20150106841A1 (en) * | 2013-10-14 | 2015-04-16 | Rhythm Newmedia Inc. | Dynamic Advertisement During Live Streaming |
CN104580216B (en) * | 2015-01-09 | 2017-10-03 | 北京京东尚科信息技术有限公司 | A kind of system and method limited access request |
CN107103245B (en) * | 2016-02-23 | 2022-08-02 | 中兴通讯股份有限公司 | File authority management method and device |
CN105871845A (en) * | 2016-03-31 | 2016-08-17 | 深圳市深信服电子科技有限公司 | Method and device for detecting Web vulnerability scanning behavior |
CN106790541B (en) * | 2016-12-22 | 2019-06-21 | 武汉斗鱼网络科技有限公司 | Data capture method and device |
CN107438079B (en) * | 2017-08-18 | 2020-05-01 | 杭州安恒信息技术股份有限公司 | Method for detecting unknown abnormal behaviors of website |
Also Published As
Publication number | Publication date |
---|---|
CN110830496B (en) | 2021-08-17 |
CN110830496A (en) | 2020-02-21 |
CN108683631B (en) | 2019-12-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||