CN109067807A - Safety protecting method, device and electronic equipment based on WEB application firewall overload - Google Patents


Info

Publication number
CN109067807A
Authority
CN
China
Legal status
Pending
Application number
CN201811206441.1A
Other languages
Chinese (zh)
Inventor
石达锋
范渊
莫金友
Current Assignee
DBAPPSecurity Co Ltd
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L 43/00 Arrangements for monitoring or testing data switching networks
    • H04L 43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L 43/0876 Network utilisation, e.g. volume of load or congestion level
    • H04L 43/0888 Throughput
    • H04L 43/0894 Packet rate
    • H04L 43/16 Threshold monitoring
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 67/2866 Architectures; Arrangements
    • H04L 67/30 Profiles
    • H04L 67/50 Network services
    • H04L 67/56 Provisioning of proxy services

Abstract

The present invention provides a security protection method, device and electronic equipment based on WEB application firewall overload, and relates to the field of information security technology. The security protection method based on WEB application firewall overload comprises: monitoring the system resources of the WEB application firewall; determining, from the usage state of the system resources, the target service processing module that causes the system resource abnormality, the target service processing module comprising at least one of a bridge module and a WEB proxy module; and sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the part of the traffic that exceeds the processing capacity of the WEB application firewall. By monitoring system resource usage and adjusting the bypass interface of the corresponding service processing module before the resources are exhausted, the part of the WEB traffic that exceeds the processing capacity is let through to the server, eliminating the influence of WEB application firewall performance problems on the customer's WEB service.

Description

Safety protecting method, device and electronic equipment based on WEB application firewall overload
Technical field
The present invention relates to the field of information security technology, and in particular to a security protection method, device and electronic equipment based on WEB application firewall overload.
Background technique
A WEB application firewall is a gateway-type device connected in series in the user's network, and its own performance problems receive more and more attention; insufficient performance has become the principal factor by which a WEB application firewall affects the normal operation of WEB services. When a customer faces peak traffic or is hit by a DDOS (Distributed denial of service) attack, the insufficient performance of the WEB application firewall node usually aggravates the situation and causes a service interruption, affecting the customer's WEB service.
No effective solution to the above technical problem currently exists.
Summary of the invention
In view of this, the object of the present invention is to provide a security protection method, device and electronic equipment based on WEB application firewall overload which, by monitoring the usage of system resources, let the part of the WEB traffic that exceeds the processing capacity through to the server before the resources are exhausted, eliminating the influence of WEB application firewall performance problems on the customer's WEB service.
In a first aspect, an embodiment of the invention provides a security protection method based on WEB application firewall overload, comprising:
monitoring the system resources of the WEB application firewall;
determining, from the usage state of the system resources, the target service processing module that causes the system resource abnormality, the target service processing module comprising at least one of a bridge module and a WEB proxy module;
sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the part of the traffic that exceeds the processing capacity of the WEB application firewall.
With reference to the first aspect, an embodiment of the invention provides a first possible implementation of the first aspect, in which the step of determining, from the usage state of the system resources, that the target service processing module causing the system resource abnormality is the bridge module comprises:
obtaining index values of the system resources, the index values including at least one of: the number of concurrent connections, the new connection rate, and the throughput;
when at least one of the index values exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource abnormality is the bridge module.
With reference to the first aspect, an embodiment of the invention provides a second possible implementation of the first aspect, in which the step of determining, from the usage state of the system resources, that the target service processing module causing the system resource abnormality is the WEB proxy module comprises:
obtaining the CPU load value and the memory usage value;
when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource abnormality is the WEB proxy module.
With reference to the first aspect, an embodiment of the invention provides a third possible implementation of the first aspect, in which the bridge module is provided with a first configuration file into which the user writes the index value thresholds; the index values include the number of concurrent connections, the new connection rate and the throughput.
With reference to the first aspect, an embodiment of the invention provides a fourth possible implementation of the first aspect, in which the WEB proxy module is provided with a second configuration file into which the user writes the CPU load threshold, the memory usage threshold and the configuration content of the instruction that executes the bypass.
In a second aspect, an embodiment of the invention also provides a security protection device based on WEB application firewall overload, comprising:
a monitoring module for monitoring the system resources of the WEB application firewall;
a judgment module for determining, from the usage state of the system resources, the target service processing module that causes the system resource abnormality, the target service processing module comprising at least one of a bridge module and a WEB proxy module;
an adjustment module for sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so as to let through the part of the traffic that exceeds the processing capacity of the WEB application firewall.
In conjunction with the second aspect, an embodiment of the invention provides a first possible implementation of the second aspect, in which the judgment module comprises:
a first obtaining module for obtaining index values of the system resources, the index values including at least one of: the number of concurrent connections, the new connection rate, and the throughput;
a first judgment module for determining, when at least one of the index values exceeds its corresponding preset threshold, that the target service processing module causing the system resource abnormality is the bridge module.
In conjunction with the second aspect, an embodiment of the invention provides a second possible implementation of the second aspect, in which the judgment module further comprises:
a second obtaining module for obtaining the CPU load value and the memory usage value;
a second judgment module for determining, when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, that the target service processing module causing the system resource abnormality is the WEB proxy module.
In a third aspect, an embodiment of the invention also provides an electronic device comprising a memory and a processor, the memory storing a computer program that can be run on the processor, and the processor, when executing the computer program, implementing the steps of the method described in the first aspect or any possible implementation of the first aspect.
In a fourth aspect, an embodiment of the invention also provides a computer-readable medium carrying non-volatile program code executable by a processor, the program code causing the processor to execute the method described in the first aspect or any possible implementation of the first aspect.
The embodiments of the present invention bring the following beneficial effects:
The security protection method based on WEB application firewall overload provided by the embodiments of the invention comprises: monitoring the system resources of the WEB application firewall; determining, from the usage state of the system resources, the target service processing module that causes the system resource abnormality, the target service processing module comprising at least one of a bridge module and a WEB proxy module; and sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the part of the traffic that exceeds the processing capacity of the WEB application firewall. By monitoring system resource usage and adjusting the bypass interface of the corresponding service processing module before the resources are exhausted, the invention lets the part of the WEB traffic that exceeds the processing capacity through to the server, eliminating the influence of WEB application firewall performance problems on the customer's WEB service.
Other features and advantages of the invention will be set out in the following description, and will in part become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention are realised and obtained by the structure particularly pointed out in the description, the claims and the accompanying drawings.
To make the above objects, features and advantages of the invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Detailed description of the invention
To explain the specific embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for the description of the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a security protection method based on WEB application firewall overload provided by embodiment one of the present invention;
Fig. 2 is a flow chart of another security protection method based on WEB application firewall overload provided by embodiment one of the present invention;
Fig. 3 is a flow chart of yet another security protection method based on WEB application firewall overload provided by embodiment one of the present invention;
Fig. 4 is a schematic diagram of a security protection device based on WEB application firewall overload provided by embodiment two of the present invention;
Fig. 5 is a schematic diagram of an electronic device provided by embodiment three of the present invention.
Specific embodiment
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the drawings. Evidently the described embodiments are some, not all, of the embodiments of the invention. All other embodiments that those of ordinary skill in the art obtain from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Because the performance of a WEB application firewall node is insufficient, the situation usually deteriorates into a service interruption, affecting the customer's WEB service. On this basis, the embodiments of the invention provide a security protection method, device and electronic equipment based on WEB application firewall overload which, by monitoring system resource usage, adjust the bypass interface of the corresponding service processing module before the resources are exhausted, so that the part of the WEB traffic exceeding the processing capacity is let through to the server and the influence of WEB application firewall performance problems on the customer's WEB service is eliminated.
To facilitate understanding of the present embodiment, the security protection method based on WEB application firewall overload disclosed by the embodiments of the invention is first described in detail.
Embodiment one:
An embodiment of the invention provides a security protection method based on WEB application firewall overload, that is, a security mechanism based on WEB application firewall overload. As shown in Fig. 1, the method includes the following steps:
S101: monitor the system resources of the WEB application firewall.
In a specific application, service traffic inside the WEB application firewall is handled mainly by three modules: the bridge module (such as webstat), the WEB proxy module (such as webproxy) and the apache/nginx module. When the service traffic is excessive, these three modules exhaust the CPU or memory resources. The idea for solving the problem is therefore to let through the part of the traffic that exceeds the processing capacity before the resources of the WEB application firewall are exhausted. Specifically, the system resources of the WEB application firewall, namely the CPU and memory, are monitored first.
S102: determine, from the usage state of the system resources, the target service processing module that causes the system resource abnormality.
The target service processing module comprises at least one of a bridge module and a WEB proxy module. After the usage state of the system resources of the WEB application firewall has been monitored, the target service processing module causing the resource abnormality is determined from that usage state, so that the bypass interface of that module can be adjusted. When the CPU and memory are about to be used up, the system resources can be judged abnormal. Specifically, determining the target service processing module from the usage state covers at least the following two cases:
(1) The step of determining, from the usage state of the system resources, that the target service processing module causing the system resource abnormality is the bridge module specifically includes the following steps, as shown in Fig. 2:
S201: obtain index values of the system resources, the index values including at least one of: the number of concurrent connections, the new connection rate, and the throughput.
S202: when at least one of the index values exceeds its corresponding preset threshold, determine that the target service processing module causing the system resource abnormality is the bridge module.
Under particularly heavy concurrent and new-connection traffic, the performance of the bridge module itself may be insufficient; an overload bypass function is therefore needed in the bridge module, which skips the detection engine, accesses the protected website directly, and forwards the connections that exceed the system's processing capacity directly at layer two.
To see whether the system processing capacity is exceeded, this embodiment mainly uses three static indexes: the number of concurrent connections, the new connection rate and the throughput. When any of the three exceeds its corresponding preset threshold, the current traffic is determined to exceed the system's processing capacity, that is, the WEB application firewall can no longer cope.
Then, if the WEB application firewall is judged unable to cope at that moment, the current connection is bypassed; otherwise it is proxied normally. Note that the direction, bypass or normal proxying, must be chosen per connection and never per packet: all packets of one connection, for as long as it lasts, take the same direction regardless of how the system state changes in the meantime.
In addition, the bridge module provides three proc files, which form the first configuration file, into which user space writes the threshold values of the three indexes respectively:
A. number of concurrent connections: /waf/conn_limit;
B. new connection rate: /waf/freq_limit;
C. throughput: /waf/throughput_limit.
Note that the bridge module reads the configuration at start-up; rewriting the configuration while the bridge module is running is not accepted.
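As an added example (not code from the patent or its assignee), the per-connection bypass decision described for the bridge module above, in Python: thresholds are read once from the three proc files (here a constructed dict standing in for /waf/conn_limit, /waf/freq_limit and /waf/throughput_limit), the three static indexes are compared against them, and the bypass-or-inspect decision is fixed when a connection is opened and never revisited per packet. The one-second measurement window for the new-connection rate and throughput, and the class and function names, are assumptions of this example.

```python
from collections import deque
from dataclasses import dataclass

# Constructed stand-ins for the three proc files the bridge module reads at
# start-up. The paths are those named on the page; the values are samples.
PROC_FILES = {
    "/waf/conn_limit": "2\n",           # max concurrent connections
    "/waf/freq_limit": "10\n",          # max new connections per second
    "/waf/throughput_limit": "1000\n",  # max bytes per second
}

INSPECT = "inspect"  # hand the connection to the detection engine
BYPASS = "bypass"    # forward at layer two, skipping detection


@dataclass(frozen=True)
class BridgeLimits:
    conn_limit: int
    freq_limit: int        # new connections per second
    throughput_limit: int  # bytes per second


def load_limits(proc_files):
    """Read the thresholds once; the bridge module accepts no rewrites at run time."""
    return BridgeLimits(
        conn_limit=int(proc_files["/waf/conn_limit"].strip()),
        freq_limit=int(proc_files["/waf/freq_limit"].strip()),
        throughput_limit=int(proc_files["/waf/throughput_limit"].strip()),
    )


class BridgeOverloadBypass:
    """Per-connection overload bypass decision for the bridge module.

    The decision is taken once, when a connection is opened, and kept for
    every packet of that connection; only the measured indexes move.
    A one-second sliding window (an assumption of this example) is used
    for the new-connection rate and the throughput.
    """

    WINDOW = 1.0  # seconds

    def __init__(self, limits):
        self.limits = limits
        self.decisions = {}        # conn_id -> INSPECT or BYPASS, fixed per connection
        self.new_conns = deque()   # (timestamp, 1) per accepted connection
        self.bytes_seen = deque()  # (timestamp, nbytes) per forwarded packet

    def _prune(self, dq, now):
        while dq and dq[0][0] <= now - self.WINDOW:
            dq.popleft()

    def metrics(self, now):
        """The three static indexes: concurrent connections, new-connection rate, throughput."""
        self._prune(self.new_conns, now)
        self._prune(self.bytes_seen, now)
        return {
            "concurrent": len(self.decisions),
            "new_conn_rate": sum(n for _, n in self.new_conns) / self.WINDOW,
            "throughput": sum(n for _, n in self.bytes_seen) / self.WINDOW,
        }

    def overloaded(self, now):
        """True when any index exceeds its preset threshold."""
        m = self.metrics(now)
        return (m["concurrent"] > self.limits.conn_limit
                or m["new_conn_rate"] > self.limits.freq_limit
                or m["throughput"] > self.limits.throughput_limit)

    def on_new_connection(self, conn_id, now):
        # Register first so the new connection counts toward concurrency.
        self.decisions[conn_id] = INSPECT
        self.new_conns.append((now, 1))
        if self.overloaded(now):
            self.decisions[conn_id] = BYPASS
        return self.decisions[conn_id]

    def on_packet(self, conn_id, nbytes, now):
        """Packets never change direction: return the decision made at connection time."""
        self.bytes_seen.append((now, nbytes))
        return self.decisions[conn_id]

    def on_close(self, conn_id):
        self.decisions.pop(conn_id, None)


def demo():
    """Walk a constructed connection sequence through the bridge; returns the decisions."""
    bridge = BridgeOverloadBypass(load_limits(PROC_FILES))
    out = []
    out.append(bridge.on_new_connection("c1", 0.0))  # 1 conn, within limits
    out.append(bridge.on_new_connection("c2", 0.1))  # 2 conns, still within limits
    out.append(bridge.on_new_connection("c3", 0.2))  # 3 > conn_limit: bypassed
    out.append(bridge.on_packet("c3", 2000, 0.4))    # throughput now above limit
    out.append(bridge.on_packet("c1", 10, 0.5))      # c1 keeps its inspect decision
    for c in ("c2", "c3"):
        bridge.on_close(c)
    out.append(bridge.on_new_connection("c4", 5.0))  # window expired: within limits
    return out
```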
(2) The step of determining, from the usage state of the system resources, that the target service processing module causing the system resource abnormality is the WEB proxy module specifically includes the following steps, as shown in Fig. 3:
S301: obtain the CPU load value and the memory usage value.
The WEB proxy module is provided with a second configuration file into which the user writes the CPU load threshold, the memory usage threshold and the configuration content of the instruction that executes the bypass.
S302: when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, determine that the target service processing module causing the system resource abnormality is the WEB proxy module.
The WEB proxy module supports adding configuration items, for example:
cpu_load_water <load>
mem_load_water <mem>
By checking the following files in real time:
/proc/loadavg
/proc/meminfo
the current CPU load value and memory usage value are obtained; when either exceeds the threshold set in the configuration, the target service processing module causing the system resource abnormality is determined to be the WEB proxy module, and the WEB proxy module bypasses the current connection. Otherwise the current connection is sent to the detection engine.
In addition to the CPU load and memory usage settings
cpu_load_water <load>
mem_load_water <mem>
a configuration item for the instruction that executes the bypass is added:
change_backend_overload <from_be> <to_be>
It has two parameters, from_be and to_be, and its meaning is:
when a connection would be sent to backend from_be, but the new-connection or concurrency upper limit is exceeded,
the connection is redirected and sent to backend to_be instead.
For example, the following is a configuration file instance of the instruction:
listen inhttp1    # this configuration item needs to be placed in the frontend
...
change_backend_overload rcheck no_check
...
In addition, this configuration item needs to be added in each frontend block to specify the relationship:
change_backend_overload rcheck_site_1 ncheck_site_1
change_backend_overload rcheck_site_2 ncheck_site_2
...
change_backend_overload rcheck ncheck.
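As an added example (not code from the patent or its assignee), the WEB proxy module check of S301/S302 together with the change_backend_overload redirection, in Python: thresholds and from_be/to_be pairs are parsed from a constructed configuration text, the CPU load and memory usage are read from constructed /proc/loadavg and /proc/meminfo samples, and each new connection is routed to to_be only while a threshold is exceeded. Comparing the 1-minute load average and the memory-used percentage (MemTotal minus MemAvailable), and the block and backend names, are assumptions of this example.

```python
import re

# Constructed samples standing in for the files the WEB proxy module polls.
LOADAVG = "0.52 0.41 0.38 2/512 4321\n"  # /proc/loadavg
MEMINFO_BUSY = (                          # /proc/meminfo, 85 % in use
    "MemTotal:        8000000 kB\n"
    "MemFree:          500000 kB\n"
    "MemAvailable:    1200000 kB\n"
    "Buffers:          100000 kB\n"
)
MEMINFO_IDLE = MEMINFO_BUSY.replace("1200000", "4000000")  # 50 % in use

# Constructed second configuration file using the items named on the page.
# The block name "http1" and the backend names are examples.
CONFIG = """
listen http1                       # items below belong in the frontend
    cpu_load_water 4.0
    mem_load_water 80
    change_backend_overload rcheck_site_1 ncheck_site_1
    change_backend_overload rcheck_site_2 ncheck_site_2
"""


def parse_loadavg(text):
    """First field of /proc/loadavg: the 1-minute load average (assumed to be the compared value)."""
    return float(text.split()[0])


def parse_mem_used_percent(text):
    """Percent of memory in use, from MemTotal and MemAvailable (an assumption of this example)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"(\w+):\s+(\d+)", line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    total, avail = fields["MemTotal"], fields["MemAvailable"]
    return 100.0 * (total - avail) / total


def parse_config(text):
    """Collect the thresholds and the from_be -> to_be redirection map."""
    cfg = {"cpu_load_water": None, "mem_load_water": None, "overload_backends": {}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if parts[0] == "cpu_load_water":
            cfg["cpu_load_water"] = float(parts[1])
        elif parts[0] == "mem_load_water":
            cfg["mem_load_water"] = float(parts[1])
        elif parts[0] == "change_backend_overload":
            if len(parts) != 3:
                raise ValueError("change_backend_overload needs <from_be> <to_be>: %r" % raw)
            cfg["overload_backends"][parts[1]] = parts[2]
    return cfg


def proxy_overloaded(cfg, loadavg_text, meminfo_text):
    """S301/S302: overloaded when either the CPU load or the memory usage exceeds its threshold."""
    if cfg["cpu_load_water"] is None or cfg["mem_load_water"] is None:
        raise ValueError("cpu_load_water and mem_load_water must both be configured")
    return (parse_loadavg(loadavg_text) > cfg["cpu_load_water"]
            or parse_mem_used_percent(meminfo_text) > cfg["mem_load_water"])


def choose_backend(cfg, requested_be, overloaded):
    """Redirect from_be to to_be only while overloaded; unmapped backends are unaffected."""
    if overloaded:
        return cfg["overload_backends"].get(requested_be, requested_be)
    return requested_be


def route_connection(cfg, requested_be, loadavg_text, meminfo_text):
    """Decide once, for a new connection, which backend receives it."""
    return choose_backend(cfg, requested_be,
                          proxy_overloaded(cfg, loadavg_text, meminfo_text))
```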
S103: send an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the part of the traffic that exceeds the processing capacity of the WEB application firewall.
After the target service processing module causing the system resource abnormality has been determined by the above steps, an adjustment instruction is further sent to the bypass interface corresponding to that module to adjust the state of the bypass interface, thereby letting through the part of the traffic that exceeds the processing capacity of the WEB application firewall.
The security protection method based on WEB application firewall overload provided by the embodiment of the invention monitors system resource usage and adjusts the bypass interface of the corresponding service processing module before the resources are exhausted, so that the part of the WEB traffic exceeding the processing capacity is let through to the server and the influence of WEB application firewall performance problems on the customer's WEB service is eliminated.
Embodiment two:
An embodiment of the invention also provides a security protection device based on WEB application firewall overload. As shown in Fig. 4, the device comprises a monitoring module 41, a judgment module 42 and an adjustment module 43.
The monitoring module 41 monitors the system resources of the WEB application firewall; the judgment module 42 determines, from the usage state of the system resources, the target service processing module that causes the system resource abnormality, the target service processing module comprising at least one of a bridge module and a WEB proxy module; the adjustment module 43 sends an adjustment instruction to the bypass interface corresponding to the target service processing module so as to let through the part of the traffic that exceeds the processing capacity of the WEB application firewall.
The judgment module 42 specifically comprises a first obtaining module and a first judgment module.
The first obtaining module obtains index values of the system resources, the index values including at least one of: the number of concurrent connections, the new connection rate, and the throughput; the first judgment module determines, when at least one of the index values exceeds its corresponding preset threshold, that the target service processing module causing the system resource abnormality is the bridge module.
Moreover, the judgment module 42 further comprises a second obtaining module and a second judgment module.
The second obtaining module obtains the CPU load value and the memory usage value; the second judgment module determines, when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, that the target service processing module causing the system resource abnormality is the WEB proxy module.
In the security protection device based on WEB application firewall overload provided by the embodiment of the invention, the modules have the same technical features as the aforementioned security protection method based on WEB application firewall overload and can therefore likewise realise the functions described above. For the specific working process of each module in the device, reference is made to the method embodiment above, and it is not repeated here.
Embodiment three:
An embodiment of the invention provides an electronic device. As shown in Fig. 5, the electronic device comprises a processor 50, a memory 51, a bus 52 and a communication interface 53; the processor 50, the communication interface 53 and the memory 51 are connected through the bus 52. The processor 50 executes executable modules, such as a computer program, stored in the memory 51; when the processor executes the computer program it implements the steps of the method described in the method embodiment.
The memory 51 may comprise high-speed random access memory (RAM, Random Access Memory) and may further comprise non-volatile memory, for example at least one disk memory. A communication connection between the system network element and at least one other network element is realised through at least one communication interface 53 (which may be wired or wireless), using the Internet, a wide area network, a local network, a metropolitan area network (MAN), etc.
The bus 52 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of representation only one double-headed arrow is shown in Fig. 5, but this does not mean that there is only one bus or only one type of bus.
The memory 51 stores a program, and the processor 50 executes the program after receiving an execution instruction; the method performed by the device defined by the stream process disclosed in any of the foregoing embodiments of the invention may be applied to, or realised by, the processor 50.
The processor 50 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by integrated logic circuits of hardware in the processor 50 or by instructions in the form of software. The processor 50 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, discrete gate or transistor logic device, or discrete hardware component. It may implement or execute each method, step and logic block diagram disclosed in the embodiments of the invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the invention may be embodied directly as being completed by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or a register. The storage medium is located in the memory 51; the processor 50 reads the information in the memory 51 and, in combination with its hardware, completes the steps of the above method.
The computer program product of the security protection method based on WEB application firewall overload provided by the embodiment of the invention comprises a computer-readable storage medium storing non-volatile program code executable by a processor; the instructions contained in the program code can be used to execute the method described in the foregoing method embodiments. For the specific implementation, reference is made to the method embodiments, and it is not repeated here.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working process of the device and electronic equipment described above may refer to the corresponding process in the foregoing method embodiments, and is not repeated here.
The flow charts and block diagrams in the drawings show the architecture, functions and operation that may be realised by the method and computer program product according to several embodiments of the invention. In this regard, each box in a flow chart or block diagram may represent a module, a program segment or a part of code that contains one or more executable instructions for realising the specified logic function. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flow charts, and combinations of boxes in the block diagrams and/or flow charts, may be realised by dedicated hardware-based systems that perform the specified functions or actions, or by combinations of dedicated hardware and computer instructions.
In the description of the invention it should be noted that terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" indicate orientations or positional relationships based on those shown in the drawings, merely for convenience of describing the invention and simplifying the description; they do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, and are therefore not to be understood as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
In the several embodiments provided by the present application it should be understood that the disclosed systems, devices and methods may be realised in other ways. The device embodiments described above are merely exemplary; for example, the division of the units is only one logical functional division, and other divisions are possible in actual implementation; for another example, several units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over several network units. Some or all of the units may be selected according to actual needs to achieve the object of the solution of this embodiment.
In addition, the functional units in the various embodiments of the invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product It is stored in the executable non-volatile computer-readable storage medium of a processor.Based on this understanding, of the invention Technical solution substantially the part of the part that contributes to existing technology or the technical solution can be with software in other words The form of product embodies, which is stored in a storage medium, including some instructions use so that One computer equipment (can be personal computer, server or the network equipment etc.) executes each embodiment institute of the present invention State all or part of the steps of method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read- Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. are various can be with Store the medium of program code.
Finally, it should be noted that embodiment described above, only a specific embodiment of the invention, to illustrate the present invention Technical solution, rather than its limitations, scope of protection of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair It is bright to be described in detail, those skilled in the art should understand that: anyone skilled in the art In the technical scope disclosed by the present invention, it can still modify to technical solution documented by previous embodiment or can be light It is readily conceivable that variation or equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make The essence of corresponding technical solution is detached from the spirit and scope of technical solution of the embodiment of the present invention, should all cover in protection of the invention Within the scope of.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A security protection method based on WEB application firewall overload, characterized by comprising:
monitoring the system resources of the WEB application firewall;
determining, according to the usage state of the system resources, the target service processing module that causes the system resource anomaly; the target service processing module comprising at least one of a bridge module and a WEB proxy module;
sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets pass the portion of traffic that exceeds the processing capacity of the WEB application firewall.
2. The method according to claim 1, characterized in that the step of determining, according to the usage state of the system resources, that the target service processing module causing the system resource anomaly is the bridge module comprises:
obtaining index values of the system resources; the index values including at least one of: concurrent connection count, new connection rate, throughput;
when at least one of the index values exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource anomaly is the bridge module.
3. The method according to claim 1, characterized in that the step of determining, according to the usage state of the system resources, that the target service processing module causing the system resource anomaly is the WEB proxy module comprises:
obtaining a CPU load value and a memory usage value;
when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource anomaly is the WEB proxy module.
4. The method according to claim 1, characterized in that a first configuration file is provided in the bridge module; the first configuration file is for the user to write index value thresholds; the index values include: concurrent connection count, new connection rate and throughput.
5. The method according to claim 1, characterized in that a second configuration file is provided in the WEB proxy module; the second configuration file is for the user to write a CPU load value threshold, a memory usage value threshold, and the configuration content of the instruction by which bypass is executed.
6. A security protection device based on WEB application firewall overload, characterized by comprising:
a monitoring module, for monitoring the system resources of the WEB application firewall;
a judgment module, for determining, according to the usage state of the system resources, the target service processing module that causes the system resource anomaly; the target service processing module comprising at least one of a bridge module and a WEB proxy module;
an adjustment module, for sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so as to let pass the portion of traffic that exceeds the processing capacity of the WEB application firewall.
7. The device according to claim 6, characterized in that the judgment module comprises:
a first obtaining module, for obtaining index values of the system resources; the index values including at least one of: concurrent connection count, new connection rate, throughput;
a first judgment module, for determining, when at least one of the index values exceeds its corresponding preset threshold, that the target service processing module causing the system resource anomaly is the bridge module.
8. The device according to claim 6, characterized in that the judgment module further comprises:
a second obtaining module, for obtaining a CPU load value and a memory usage value;
a second judgment module, for determining, when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, that the target service processing module causing the system resource anomaly is the WEB proxy module.
9. An electronic device, comprising a memory and a processor, the memory storing a computer program runnable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 5.
10. A computer-readable medium carrying processor-executable non-volatile program code, characterized in that the program code causes the processor to execute the method according to any one of claims 1 to 5.
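The decision logic of claims 1 to 5, as an added example in Python (not code from the patent or from its assignee): sample the WAF's system resources, compare the bridge module's index values and the WEB proxy module's CPU load and memory usage against thresholds read from each module's configuration file, identify the overloaded module or modules, and emit an adjustment instruction addressed to the bypass interface paired with each. The JSON configuration format, the metric and interface names, the numeric thresholds and the instruction text "bypass_on" are all assumptions; the claims fix none of them. The example goes one step beyond the claims in two places a practitioner would want: it rejects a configuration file whose threshold is missing or non-numeric instead of defaulting, and it records in each instruction which metrics tripped, because traffic that the bypass interface lets pass is no longer inspected by the WAF (the device fails open), so every bypass decision should be logged and alerted on.

```python
"""Overload-triggered bypass decision for a WEB application firewall.

Added example modelled on claims 1 to 5 of CN109067807A; not the patent's
or the assignee's code. Config format, metric names, interface names and
the instruction text are assumptions.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Metrics the claims assign to each module (claim 2: bridge; claim 3: proxy).
BRIDGE_METRICS = ("concurrent_connections", "new_connections_per_sec", "throughput_mbps")
PROXY_METRICS = ("cpu_load", "memory_usage")

# Constructed stand-ins for the "first" and "second" configuration files of
# claims 4 and 5. A user writes the thresholds here; the proxy file also
# carries the instruction text sent to the bypass interface (format assumed).
BRIDGE_CONFIG_TEXT = json.dumps({
    "concurrent_connections": 200_000,
    "new_connections_per_sec": 20_000,
    "throughput_mbps": 8_000,
})
PROXY_CONFIG_TEXT = json.dumps({
    "cpu_load": 0.90,
    "memory_usage": 0.85,
    "bypass_instruction": "bypass_on",
})


@dataclass(frozen=True)
class ResourceSample:
    """One monitoring sample of the WAF's system resources (claim 1)."""
    concurrent_connections: int
    new_connections_per_sec: int
    throughput_mbps: float
    cpu_load: float      # fraction of CPU capacity in use, 0.0 to 1.0
    memory_usage: float  # fraction of memory in use, 0.0 to 1.0


def load_config(text: str, required: tuple[str, ...]) -> dict:
    """Parse a module config; refuse it if any required threshold is missing
    or non-numeric, so a bad file never silently means "never bypass" or
    "always bypass"."""
    cfg = json.loads(text)
    for key in required:
        value = cfg.get(key)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"config threshold {key!r} missing or not numeric")
    return cfg


def exceeded(sample: ResourceSample, thresholds: dict, metrics: tuple[str, ...]) -> list[str]:
    """Names of the metrics whose sampled value exceeds its preset threshold."""
    return [m for m in metrics if getattr(sample, m) > thresholds[m]]


def target_modules(sample: ResourceSample, bridge_cfg: dict, proxy_cfg: dict) -> dict[str, list[str]]:
    """Map each overloaded module to the metrics that tripped (claims 2 and 3).

    The bridge module is the target when any of its index values exceeds its
    threshold; the WEB proxy module when CPU load or memory usage does. Both
    may be overloaded in the same sample.
    """
    targets: dict[str, list[str]] = {}
    bridge_hits = exceeded(sample, bridge_cfg, BRIDGE_METRICS)
    if bridge_hits:
        targets["bridge"] = bridge_hits
    proxy_hits = exceeded(sample, proxy_cfg, PROXY_METRICS)
    if proxy_hits:
        targets["web_proxy"] = proxy_hits
    return targets


def adjustment_instructions(sample: ResourceSample, bridge_cfg: dict, proxy_cfg: dict) -> list[dict]:
    """One adjustment instruction per overloaded module (last step of claim 1).

    Each instruction is addressed to the bypass interface paired with the
    module (naming assumed). The reason field records which metrics tripped
    so the fail-open event can be logged and alerted on.
    """
    instruction = proxy_cfg.get("bypass_instruction", "bypass_on")  # text assumed
    return [
        {"bypass_interface": f"{module}_bypass", "instruction": instruction, "reason": hits}
        for module, hits in target_modules(sample, bridge_cfg, proxy_cfg).items()
    ]


def decide(sample: ResourceSample) -> list[dict]:
    """End to end: load both configuration files, then produce the instructions."""
    bridge_cfg = load_config(BRIDGE_CONFIG_TEXT, BRIDGE_METRICS)
    proxy_cfg = load_config(PROXY_CONFIG_TEXT, PROXY_METRICS)
    return adjustment_instructions(sample, bridge_cfg, proxy_cfg)


if __name__ == "__main__":
    # Constructed samples: steady state, a connection-rate flood hitting the
    # bridge module, and a CPU-heavy request mix hitting the WEB proxy module.
    for s in (
        ResourceSample(50_000, 5_000, 2_000, 0.40, 0.50),
        ResourceSample(60_000, 25_000, 2_500, 0.45, 0.50),
        ResourceSample(50_000, 5_000, 2_000, 0.95, 0.60),
    ):
        print(decide(s))
```

decide() returns an empty list at steady state and one instruction per overloaded module otherwise. When, and by whom, the bypass is cleared again once the resources recover is not specified by the claims and is deliberately left out here.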
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811206441.1A CN109067807A (en) 2018-10-16 2018-10-16 Safety protecting method, device and electronic equipment based on WEB application firewall overload
Publications (1)

Publication Number Publication Date
CN109067807A true CN109067807A (en) 2018-12-21

Family

ID=64765146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811206441.1A Pending CN109067807A (en) 2018-10-16 2018-10-16 Safety protecting method, device and electronic equipment based on WEB application firewall overload

Country Status (1)

Country Link
CN (1) CN109067807A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060531A (en) * 2007-05-17 2007-10-24 华为技术有限公司 A method and device for avoiding the attack of network equipment
CN101102264A (en) * 2006-07-04 2008-01-09 华为技术有限公司 Ethernet data forwarding method and Ethernet system
CN101483655A (en) * 2009-02-10 2009-07-15 杭州华三通信技术有限公司 Packet transmission method and proxy device for Internet group management protocol
CN101626402A (en) * 2009-08-10 2010-01-13 杭州华三通信技术有限公司 Distributed equipment and three-layered agency retransmission method thereof
CN104518897A (en) * 2013-09-30 2015-04-15 中国电信股份有限公司 Resource management optimization processing method and resource management optimization processing device for virtual firewalls
CN105208685A (en) * 2015-09-06 2015-12-30 杭州敦崇科技股份有限公司 Proxy AP realization method
CN106789981A (en) * 2016-12-07 2017-05-31 北京奇虎科技有限公司 Flow control methods, apparatus and system based on WAF
US20180176826A1 (en) * 2013-07-08 2018-06-21 Samsung Electronics Co., Ltd Apparatus and method for controlling control overload in wlan systems

Non-Patent Citations (3)

Title
DG瑞恩: "Security functions of the device itself", HTTPS://BLOG.51CTO.COM/U_8239783/1335092 *
S00004159: "What does enabling the UTM overload protection function on the USG5300 do", HTTPS://SUPPORT.HUAWEI.COM/ENTERPRISE/EN/KNOWLEDGE/KB1000009525 *
杨飞 (Yang Fei): "Research and application of a WAF + IPS + vulnerability-scanning security protection system for universities", Electronic Test (电子测试) *

Cited By (12)

Publication number Priority date Publication date Assignee Title
CN110855796A (en) * 2019-11-22 2020-02-28 北京浪潮数据技术有限公司 Cloud platform web protection method, system, equipment and computer medium
CN111314290A (en) * 2019-12-30 2020-06-19 北京长亭未来科技有限公司 Method and device for protecting continuity of WEB application firewall service and electronic equipment
CN111314290B (en) * 2019-12-30 2022-06-24 北京长亭未来科技有限公司 Method and device for WEB application firewall service continuity protection and electronic equipment
CN111368301A (en) * 2020-03-03 2020-07-03 深信服科技股份有限公司 Virus checking and killing method, device, equipment and readable storage medium
CN112165450A (en) * 2020-08-27 2021-01-01 杭州安恒信息技术股份有限公司 Safety protection method and device for WEB application firewall and electronic device
CN112165450B (en) * 2020-08-27 2023-04-21 杭州安恒信息技术股份有限公司 Security protection method and device for WEB application firewall and electronic device
CN111970303A (en) * 2020-08-28 2020-11-20 杭州安恒信息技术股份有限公司 Business site mode switching method and device and computer readable storage medium
CN112165460A (en) * 2020-09-10 2021-01-01 杭州安恒信息技术股份有限公司 Flow detection method and device, computer equipment and storage medium
CN114640700A (en) * 2020-11-30 2022-06-17 腾讯科技(深圳)有限公司 Calling frequency control method and device
CN113691517A (en) * 2021-08-17 2021-11-23 北京天融信网络安全技术有限公司 Communication management method, device, equipment and medium for bypass
CN113691517B (en) * 2021-08-17 2022-11-08 北京天融信网络安全技术有限公司 Communication management method, device, equipment and medium for bypass
CN114546498A (en) * 2021-12-31 2022-05-27 广州芯德通信科技股份有限公司 Method, system and platform for processing abnormal starting based on optical transmitter and receiver

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication. Application publication date: 20181221