CN109067807A - Safety protecting method, device and electronic equipment based on WEB application firewall overload - Google Patents
- Publication number: CN109067807A (application CN201811206441.1A)
- Authority: CN (China)
- Prior art keywords: system resource, module, processing module, web application, service processing
- Legal status: Pending
Classifications
- H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L43/0876: Network utilisation, e.g. volume of load or congestion level
- H04L43/0888: Throughput
- H04L43/0894: Packet rate
- H04L43/16: Threshold monitoring
- H04L63/029: Firewall traversal, e.g. tunnelling or creating pinholes
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/30: Profiles
- H04L67/56: Provisioning of proxy services
Abstract
The present invention provides a safety protection method, device and electronic equipment based on WEB application firewall overload, and relates to the field of information security technology. The safety protection method based on WEB application firewall overload comprises: monitoring the system resources of the WEB application firewall; according to the usage state of the system resources, determining the target service processing module that causes the system resource anomaly, the target service processing module including at least one of a bridge module and a WEB proxy module; and sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the portion of traffic that exceeds the processing capacity of the WEB application firewall. By monitoring system resource usage and adjusting the bypass interface of the corresponding service processing module before resources are exhausted, the present invention passes the portion of WEB traffic that exceeds the processing capacity through to the server, which can eliminate the impact of WEB application firewall performance problems on the customer's WEB service.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a safety protection method, device and electronic equipment based on WEB application firewall overload.
Background art
As a gateway-type device connected in series in the user's network, the WEB application firewall's own performance is receiving increasing attention; insufficient performance has become the main factor by which a WEB application firewall affects the normal operation of WEB services. When a customer faces a traffic peak or a DDoS (Distributed Denial of Service) attack, insufficient performance of the WEB application firewall node usually causes service interruption and affects the customer's WEB service.
No effective solution to the above technical problem currently exists.
Summary of the invention
In view of this, the purpose of the present invention is to provide a safety protection method, device and electronic equipment based on WEB application firewall overload which, by monitoring system resource usage, can pass the portion of WEB traffic that exceeds the processing capacity through to the server before resources are exhausted, eliminating the impact of WEB application firewall performance problems on the customer's WEB service.
In a first aspect, an embodiment of the present invention provides a safety protection method based on WEB application firewall overload, comprising:
monitoring the system resources of the WEB application firewall;
according to the usage state of the system resources, determining the target service processing module that causes the system resource anomaly, the target service processing module including at least one of a bridge module and a WEB proxy module;
sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the portion of traffic that exceeds the processing capacity of the WEB application firewall.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, wherein the step of determining, according to the usage state of the system resources, that the target service processing module causing the system resource anomaly is the bridge module comprises:
obtaining indicator values of the system resources, the indicator values including at least one of: concurrent connection count, new-connection rate, throughput;
when at least one of the indicator values exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource anomaly is the bridge module.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, wherein the step of determining, according to the usage state of the system resources, that the target service processing module causing the system resource anomaly is the WEB proxy module comprises:
obtaining the CPU load value and the memory usage value;
when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource anomaly is the WEB proxy module.
With reference to the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, wherein a first configuration file is provided in the bridge module; the first configuration file is used by the user to write the indicator thresholds; the indicators include: concurrent connection count, new-connection rate and throughput.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, wherein a second configuration file is provided in the WEB proxy module; the second configuration file is used by the user to write the CPU load threshold, the memory usage threshold and the configuration content of the instruction executed on bypass.
In a second aspect, an embodiment of the present invention also provides a safety protection device based on WEB application firewall overload, comprising:
a monitoring module, for monitoring the system resources of the WEB application firewall;
a judgment module, for determining, according to the usage state of the system resources, the target service processing module that causes the system resource anomaly, the target service processing module including at least one of a bridge module and a WEB proxy module;
an adjustment module, for sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so as to let through the portion of traffic that exceeds the processing capacity of the WEB application firewall.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation of the second aspect, wherein the judgment module includes:
a first obtaining module, for obtaining indicator values of the system resources, the indicator values including at least one of: concurrent connection count, new-connection rate, throughput;
a first judgment module, for determining, when at least one of the indicator values exceeds its corresponding preset threshold, that the target service processing module causing the system resource anomaly is the bridge module.
With reference to the second aspect, an embodiment of the present invention provides a second possible implementation of the second aspect, wherein the judgment module further includes:
a second obtaining module, for obtaining the CPU load value and the memory usage value;
a second judgment module, for determining, when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, that the target service processing module causing the system resource anomaly is the WEB proxy module.
In a third aspect, an embodiment of the present invention also provides an electronic device comprising a memory and a processor, the memory storing a computer program that can run on the processor, and the processor, when executing the computer program, implementing the steps of the method described in the first aspect or any possible implementation of the first aspect.
In a fourth aspect, an embodiment of the present invention also provides a computer-readable medium carrying non-volatile program code executable by a processor, the program code causing the processor to execute the method described in the first aspect or any possible implementation of the first aspect.
Embodiments of the present invention bring the following beneficial effects:
The safety protection method based on WEB application firewall overload provided by the embodiment of the present invention includes: monitoring the system resources of the WEB application firewall; according to the usage state of the system resources, determining the target service processing module that causes the system resource anomaly, the target service processing module including at least one of a bridge module and a WEB proxy module; and sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the portion of traffic that exceeds the processing capacity of the WEB application firewall. By monitoring system resource usage and adjusting the bypass interface of the corresponding service processing module before resources are exhausted, the present invention passes the portion of WEB traffic that exceeds the processing capacity through to the server and can eliminate the impact of WEB application firewall performance problems on the customer's WEB service.
Other features and advantages of the present invention will be set out in the following description and will in part become apparent from the description, or be understood through implementation of the invention. The objects and other advantages of the invention are realized and obtained by the structures particularly pointed out in the description, the claims and the accompanying drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
In order to illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. It is apparent that the drawings described below show some embodiments of the present invention, and that a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a safety protection method based on WEB application firewall overload provided by embodiment one of the present invention;
Fig. 2 is a flow chart of another safety protection method based on WEB application firewall overload provided by embodiment one of the present invention;
Fig. 3 is a flow chart of yet another safety protection method based on WEB application firewall overload provided by embodiment one of the present invention;
Fig. 4 is a schematic diagram of a safety protection device based on WEB application firewall overload provided by embodiment two of the present invention;
Fig. 5 is a schematic diagram of an electronic device provided by embodiment three of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are obviously some, but not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Because the performance of a WEB application firewall node is insufficient, service interruption is usually caused and the customer's WEB service is affected. On this basis, embodiments of the present invention provide a safety protection method, device and electronic equipment based on WEB application firewall overload which, by monitoring system resource usage and adjusting the bypass interface of the corresponding service processing module before resources are exhausted, pass the portion of WEB traffic that exceeds the processing capacity through to the server and can eliminate the impact of WEB application firewall performance problems on the customer's WEB service.
To facilitate understanding of this embodiment, the safety protection method based on WEB application firewall overload disclosed in the embodiment of the present invention is first described in detail.
Embodiment one:
An embodiment of the present invention provides a safety protection method based on WEB application firewall overload, i.e. a security mechanism based on WEB application firewall overload. As shown in Fig. 1, the method includes the following steps:
S101: monitoring the system resources of the WEB application firewall.
In a specific application, service traffic inside the WEB application firewall is handled mainly by three modules: the bridge module (e.g. webstat), the WEB proxy module (e.g. webproxy) and apache/nginx. When the service traffic is too large, these three modules exhaust CPU or memory resources. The approach to the problem is therefore to let through the portion of traffic that exceeds the processing capacity before the resources of the WEB application firewall are exhausted. Specifically, the system resources of the WEB application firewall, i.e. CPU and memory, are monitored first.
S102: according to the usage state of the system resources, determining the target service processing module that causes the system resource anomaly.
The target service processing module includes at least one of a bridge module and a WEB proxy module. After the usage state of the system resources of the WEB application firewall has been monitored, the target service processing module that causes the resource anomaly is determined from that usage state, so that the bypass interface of that module can be adjusted. When CPU and memory are about to be exhausted, the system resources can be judged to be abnormal. Specifically, the process of determining the target service processing module causing the resource anomaly from the usage state includes at least the following two cases:
(1) The step of determining, according to the usage state of the system resources, that the target service processing module causing the system resource anomaly is the bridge module specifically includes the following steps, as shown in Fig. 2:
S201: obtaining indicator values of the system resources; the indicator values include at least one of: concurrent connection count, new-connection rate, throughput.
S202: when at least one of the indicator values exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource anomaly is the bridge module.
Under extremely high concurrent or new-connection traffic, the performance of the bridge module itself may be insufficient. An overload bypass function is therefore needed in the bridge module: it skips the detection engine and accesses the protected website directly, forwarding connections that exceed the system's processing capacity straight through at layer 2.
To decide whether the system processing capacity has been exceeded, this embodiment mainly uses three static indicators: concurrent connection count, new-connection rate and throughput. When any of these three indicators exceeds its corresponding preset threshold, the current traffic is determined to exceed the system processing capacity, i.e. the WEB application firewall can no longer cope.
Thereafter, if the WEB application firewall is determined to be unable to cope at that moment, the current connection is bypassed; otherwise it is proxied normally. Note that the bypass-or-proxy direction must be decided per connection, not per packet: all packets for the lifetime of a connection must take the same direction, regardless of how the system state changes in the meantime.
In addition, the bridge module provides three proc files, i.e. the first configuration file, into which user space writes the three indicator values used as the indicator thresholds:
A. concurrent connection count: /waf/conn_limit;
B. new-connection rate: /waf/freq_limit;
C. throughput: /waf/throughput_limit.
Note that the bridge module reads this configuration at start-up; rewriting the configuration while the bridge module is running is not accepted.
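The bridge-module decision just described (three static indicators, thresholds read once at start-up, bypass fixed per connection rather than per packet), as an added Python illustration that is not the patent's or any product's code; the class and function names are hypothetical, and the threshold file contents are constructed in place of the /waf/* proc files:

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Thresholds:
    """The three indicator thresholds user space writes into the bridge module."""
    conn_limit: int        # concurrent connections
    freq_limit: int        # new connections per measurement window
    throughput_limit: int  # bytes per measurement window


def load_thresholds(files: dict) -> Thresholds:
    """Read the limits once, as the bridge module does at start-up.
    `files` maps the patent's proc file names to their text content
    (constructed here rather than read from disk); later rewrites are ignored."""
    return Thresholds(
        conn_limit=int(files["/waf/conn_limit"].strip()),
        freq_limit=int(files["/waf/freq_limit"].strip()),
        throughput_limit=int(files["/waf/throughput_limit"].strip()),
    )


@dataclass
class Connection:
    conn_id: int
    bypass: bool  # decided when the connection is created, never revisited


class BridgeOverloadGuard:
    """Hypothetical model of the bridge module's overload bypass (not the patent's code)."""
    WINDOW = 1.0  # seconds over which new-connection rate and throughput are measured

    def __init__(self, thresholds: Thresholds):
        self.t = thresholds
        self.active = {}               # conn_id -> Connection
        self.new_conn_times = deque()  # timestamps of recent connection setups
        self.bytes_seen = deque()      # (timestamp, bytes) of recent packets

    def _expire(self, now: float) -> None:
        """Drop samples that fell out of the measurement window."""
        while self.new_conn_times and now - self.new_conn_times[0] > self.WINDOW:
            self.new_conn_times.popleft()
        while self.bytes_seen and now - self.bytes_seen[0][0] > self.WINDOW:
            self.bytes_seen.popleft()

    def overloaded(self, now: float) -> bool:
        """S202: overloaded when any of the three indicators exceeds its threshold."""
        self._expire(now)
        concurrent = len(self.active)
        new_rate = len(self.new_conn_times)
        throughput = sum(b for _, b in self.bytes_seen)
        return (concurrent > self.t.conn_limit
                or new_rate > self.t.freq_limit
                or throughput > self.t.throughput_limit)

    def open_connection(self, conn_id: int, now: float) -> Connection:
        """Decide bypass vs. inspection once, for the whole connection."""
        self.new_conn_times.append(now)
        conn = Connection(conn_id, bypass=self.overloaded(now))
        self.active[conn_id] = conn
        return conn

    def packet(self, conn_id: int, nbytes: int, now: float) -> str:
        """Route one packet. The connection's original decision is honoured even
        if the system has since moved into or out of overload."""
        self.bytes_seen.append((now, nbytes))
        return "forward_l2" if self.active[conn_id].bypass else "inspect"

    def close_connection(self, conn_id: int) -> None:
        self.active.pop(conn_id, None)
```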
(2) The step of determining, according to the usage state of the system resources, that the target service processing module causing the system resource anomaly is the WEB proxy module specifically includes the following steps, as shown in Fig. 3:
S301: obtaining the CPU load value and the memory usage value.
A second configuration file is provided in the WEB proxy module; in it the user writes the CPU load threshold, the memory usage threshold and the configuration content of the instruction executed on bypass.
S302: when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, determining that the target service processing module causing the system resource anomaly is the WEB proxy module.
The WEB proxy module supports additional configuration items, such as:
cpu_load_water <load>
mem_load_water <mem>
By checking the following files in real time:
/proc/loadavg
/proc/meminfo
the current CPU load value and memory usage value are obtained. When either exceeds the threshold set in the configuration, the target service processing module causing the system resource anomaly is determined to be the WEB proxy module, and the WEB proxy module bypasses the current connection; otherwise the current connection is sent to the detection engine.
In addition to the CPU load and memory usage settings
cpu_load_water <load>
mem_load_water <mem>
a configuration item for the instruction executed on bypass is added:
change_backend_overload <from_be> <to_be>
It takes two parameters, from_be and to_be, and means: when a connection is about to be sent to backend from_be but the new-connection or concurrency limit has been exceeded, the connection is redirected to backend to_be.
For example, the following is a configuration file fragment using this instruction:
listen inhttp1    # this configuration item must be placed in a frontend
...
change_backend_overload rcheck no_check
...
In addition, this configuration item must be added to each frontend block to specify the relationship:
change_backend_overload rcheck_site_1 ncheck_site_1
change_backend_overload rcheck_site_2 ncheck_site_2
...
change_backend_overload rcheck ncheck
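The WEB proxy side (reading /proc/loadavg and /proc/meminfo, comparing against cpu_load_water and mem_load_water, and applying change_backend_overload per frontend), as an added Python illustration that is not the patent's or any proxy's code. It assumes, since the patent does not say, that the CPU value is the 1-minute load average and that the memory value is the used fraction 1 - MemAvailable/MemTotal; the configuration and /proc contents are constructed samples, and the function names are hypothetical.

```python
# Constructed configuration using only the directives the patent shows.
SAMPLE_CONFIG = """\
cpu_load_water 4.0
mem_load_water 0.85
listen inhttp1    # change_backend_overload must sit in a frontend/listen block
    change_backend_overload rcheck no_check
frontend site_1
    change_backend_overload rcheck_site_1 ncheck_site_1
"""
# Constructed /proc snapshots: a calm box, a CPU-saturated box, a memory-starved box.
LOADAVG_CALM = "1.20 1.05 0.98 2/512 4321\n"
LOADAVG_BUSY = "7.85 6.40 5.10 9/512 4400\n"
MEMINFO_CALM = "MemTotal:        8000000 kB\nMemFree:         2000000 kB\nMemAvailable:    5000000 kB\n"
MEMINFO_TIGHT = "MemTotal:        8000000 kB\nMemFree:          300000 kB\nMemAvailable:     800000 kB\n"


def parse_loadavg(text: str) -> float:
    """Return the 1-minute load average from /proc/loadavg content (assumed metric)."""
    return float(text.split()[0])


def parse_mem_used_fraction(text: str) -> float:
    """Return the used-memory fraction from /proc/meminfo content (assumed metric)."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, rest = line.split(":", 1)
        fields[key.strip()] = int(rest.split()[0])  # values are in kB
    total = fields["MemTotal"]
    avail = fields.get("MemAvailable", fields["MemFree"])
    return 1.0 - avail / total


def parse_config(text: str) -> dict:
    """Minimal parser for cpu_load_water / mem_load_water and, inside each
    frontend or listen block, change_backend_overload <from_be> <to_be>."""
    cfg = {"cpu_load_water": None, "mem_load_water": None, "frontends": {}}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        tok = line.split()
        if tok[0] in ("frontend", "listen"):
            current = tok[1]
            cfg["frontends"][current] = {}
        elif tok[0] == "cpu_load_water":
            cfg["cpu_load_water"] = float(tok[1])
        elif tok[0] == "mem_load_water":
            cfg["mem_load_water"] = float(tok[1])
        elif tok[0] == "change_backend_overload":
            if current is None:
                raise ValueError("change_backend_overload must be inside a frontend block")
            cfg["frontends"][current][tok[1]] = tok[2]  # from_be -> to_be
    return cfg


def proxy_overloaded(cfg: dict, loadavg_text: str, meminfo_text: str) -> bool:
    """S301/S302: overloaded when either value exceeds its configured water mark."""
    return (parse_loadavg(loadavg_text) > cfg["cpu_load_water"]
            or parse_mem_used_fraction(meminfo_text) > cfg["mem_load_water"])


def choose_backend(cfg: dict, frontend: str, intended_be: str,
                   loadavg_text: str, meminfo_text: str) -> str:
    """Send the connection to its intended backend, or, when the proxy is
    overloaded and the frontend has a change_backend_overload rule for that
    backend, redirect it to the bypass backend (to_be)."""
    if not proxy_overloaded(cfg, loadavg_text, meminfo_text):
        return intended_be
    return cfg["frontends"].get(frontend, {}).get(intended_be, intended_be)


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for name, la, mi in (("calm", LOADAVG_CALM, MEMINFO_CALM),
                         ("cpu busy", LOADAVG_BUSY, MEMINFO_CALM),
                         ("mem tight", LOADAVG_CALM, MEMINFO_TIGHT)):
        print(name, "->", choose_backend(cfg, "inhttp1", "rcheck", la, mi))
```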
S103: sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the portion of traffic that exceeds the processing capacity of the WEB application firewall.
After the target service processing module causing the system resource anomaly has been determined by the above steps, an adjustment instruction is further sent to the bypass interface corresponding to that module to adjust the state of the bypass interface, so that the portion of traffic exceeding the processing capacity of the WEB application firewall is let through.
The safety protection method based on WEB application firewall overload provided by the embodiment of the present invention monitors system resource usage and adjusts the bypass interface of the corresponding service processing module before resources are exhausted, so that the portion of WEB traffic exceeding the processing capacity is passed through to the server, which can eliminate the impact of WEB application firewall performance problems on the customer's WEB service.
Embodiment two:
An embodiment of the present invention also provides a safety protection device based on WEB application firewall overload. As shown in Fig. 4, the device comprises: a monitoring module 41, a judgment module 42 and an adjustment module 43.
The monitoring module 41 is used to monitor the system resources of the WEB application firewall; the judgment module 42 is used to determine, according to the usage state of the system resources, the target service processing module that causes the system resource anomaly, the target service processing module including at least one of a bridge module and a WEB proxy module; the adjustment module 43 is used to send an adjustment instruction to the bypass interface corresponding to the target service processing module, so as to let through the portion of traffic that exceeds the processing capacity of the WEB application firewall.
The judgment module 42 specifically includes a first obtaining module and a first judgment module.
The first obtaining module is used to obtain indicator values of the system resources, the indicator values including at least one of: concurrent connection count, new-connection rate, throughput; the first judgment module is used to determine, when at least one of the indicator values exceeds its corresponding preset threshold, that the target service processing module causing the system resource anomaly is the bridge module.
Furthermore, the judgment module 42 also includes a second obtaining module and a second judgment module.
The second obtaining module is used to obtain the CPU load value and the memory usage value; the second judgment module is used to determine, when either the CPU load value or the memory usage value exceeds its corresponding preset threshold, that the target service processing module causing the system resource anomaly is the WEB proxy module.
In the safety protection device based on WEB application firewall overload provided by the embodiment of the present invention, the modules have the same technical features as the aforementioned safety protection method based on WEB application firewall overload and can therefore likewise realize the above functions. For the specific working process of the modules in this device, refer to the above method embodiment; it is not repeated here.
Embodiment three:
An embodiment of the present invention provides an electronic device. As shown in Fig. 5, the electronic device comprises: a processor 50, a memory 51, a bus 52 and a communication interface 53; the processor 50, the communication interface 53 and the memory 51 are connected through the bus 52; the processor 50 is used to execute executable modules, such as computer programs, stored in the memory 51. When the processor executes the computer program, the steps of the method described in the method embodiment are implemented.
The memory 51 may include high-speed random access memory (RAM) and may also include non-volatile memory, for example at least one disk memory. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 53 (which may be wired or wireless), and the Internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
The bus 52 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of representation only one double-headed arrow is drawn in Fig. 5, but this does not mean that there is only one bus or only one type of bus.
The memory 51 is used to store a program, and the processor 50 executes the program after receiving an execution instruction. The method performed by the flow-process-defined device disclosed in any of the foregoing embodiments of the present invention may be applied to, or implemented by, the processor 50.
The processor 50 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 50 or by instructions in the form of software. The above processor 50 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, etc. The steps of the method disclosed in the embodiments of the present invention may be embodied directly as being completed by a hardware decoding processor, or completed by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, a register, etc. The storage medium is located in the memory 51; the processor 50 reads the information in the memory 51 and completes the steps of the above method in combination with its hardware.
The computer program product of the safety protection method based on WEB application firewall overload provided by the embodiment of the present invention includes a computer-readable storage medium storing processor-executable non-volatile program code; the instructions contained in the program code can be used to execute the method described in the foregoing method embodiment. For the specific implementation, refer to the method embodiment; it is not repeated here.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the device and electronic equipment described above may refer to the corresponding processes in the foregoing method embodiment and are not repeated here.
The flow charts and block diagrams in the drawings show the possible architecture, functions and operation of methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flow chart or block diagram may represent a module, program segment or part of code that contains one or more executable instructions for implementing the specified logic function. It should also be noted that in some alternative implementations the functions noted in the boxes may occur in an order different from that shown in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flow charts, and combinations of boxes in the block diagrams and/or flow charts, can be implemented by a dedicated hardware-based system that performs the specified function or action, or by a combination of dedicated hardware and computer instructions.
In the description of the present invention, it should be noted that orientation or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings and are used only for convenience and simplicity of description; they do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, and therefore are not to be construed as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some communication interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate parts may or may not be physically separate, and parts shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the method described in each embodiment of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that anyone familiar with the art may, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or substitute equivalents for some of the technical features; such modifications, variations or substitutions do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (10)
1. A security protection method based on WEB application firewall overload, characterized by comprising:
monitoring the system resources of a WEB application firewall;
judging, according to the usage state of the system resources, the target service processing module that causes the system resource abnormality, the target service processing module comprising at least one of a bridge module and a WEB proxy module;
sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so that the bypass interface lets through the part of the traffic that exceeds the processing capacity of the WEB application firewall.
2. The method according to claim 1, wherein the step of judging, according to the usage state of the system resources, that the target service processing module causing the system resource abnormality is the bridge module comprises:
obtaining index values of the system resources, the index values including at least one of: number of concurrent connections, new connection rate, throughput;
when at least one of the index values exceeds its corresponding preset threshold, judging that the target service processing module causing the system resource abnormality is the bridge module.
3. The method according to claim 1, wherein the step of judging, according to the usage state of the system resources, that the target service processing module causing the system resource abnormality is the WEB proxy module comprises:
obtaining a CPU load value and a memory occupancy value;
when either of the CPU load value and the memory occupancy value exceeds its corresponding preset threshold, judging that the target service processing module causing the system resource abnormality is the WEB proxy module.
4. The method according to claim 1, wherein a first configuration file is provided in the bridge module; the first configuration file is used for the user to write index value thresholds; the index values include: number of concurrent connections, new connection rate and throughput.
5. The method according to claim 1, wherein a second configuration file is provided in the WEB proxy module; the second configuration file is used for the user to write a CPU load threshold, a memory occupancy threshold and the instruction configuration content for executing the bypass.
6. A security protection device based on WEB application firewall overload, characterized by comprising:
a monitoring module, for monitoring the system resources of a WEB application firewall;
a judgment module, for judging, according to the usage state of the system resources, the target service processing module that causes the system resource abnormality, the target service processing module comprising at least one of a bridge module and a WEB proxy module;
an adjustment module, for sending an adjustment instruction to the bypass interface corresponding to the target service processing module, so as to let through the part of the traffic that exceeds the processing capacity of the WEB application firewall.
7. The device according to claim 6, characterized in that the judgment module comprises:
a first obtaining module, for obtaining index values of the system resources, the index values including at least one of: number of concurrent connections, new connection rate, throughput;
a first judgment module, for judging, when at least one of the index values exceeds its corresponding preset threshold, that the target service processing module causing the system resource abnormality is the bridge module.
8. The device according to claim 6, characterized in that the judgment module further comprises:
a second obtaining module, for obtaining a CPU load value and a memory occupancy value;
a second judgment module, for judging, when either of the CPU load value and the memory occupancy value exceeds its corresponding preset threshold, that the target service processing module causing the system resource abnormality is the WEB proxy module.
9. An electronic device, comprising a memory, a processor, and a computer program stored on the memory and runnable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 5.
10. A computer-readable medium having non-volatile program code executable by a processor, characterized in that the program code causes the processor to execute the method according to any one of claims 1 to 5.
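The procedure of claims 1 to 5, written out as an added Python example (this is not code from the patent or from any product that implements it). It reads the two configuration files of claims 4 and 5, samples the system resources, attributes an overload to the bridge module (connection count, new connection rate, throughput) or the WEB proxy module (CPU load, memory occupancy), and emits one adjustment instruction per overloaded module for that module's bypass interface. All threshold values, metric names, the interface names `bypass0`/`bypass1`, the INI layout and the instruction dictionary format are constructed assumptions. The claims do not say how "the part of the traffic that exceeds processing capacity" is sized; the example uses the share `1 - threshold/observed` for the most-exceeded metric, and it records `inspected: False` on every instruction, because traffic sent through the bypass is not inspected by the WAF and an operator needs that fail-open window to be visible in the audit log.

```python
"""Overload-driven bypass decision for a WAF, following the steps of claims 1-5.

Added illustration, not code from the patent. Threshold values, module names,
interface names and the instruction format are constructed assumptions.
"""
from __future__ import annotations

import configparser
from dataclasses import dataclass

# Claim 4: a first configuration file in the bridge module where the user writes
# the index-value thresholds (constructed sample content).
BRIDGE_CONFIG = """
[thresholds]
concurrent_connections = 50000
new_connections_per_sec = 5000
throughput_mbps = 800
"""

# Claim 5: a second configuration file in the WEB proxy module with the CPU load
# and memory thresholds plus the bypass instruction content (constructed sample).
PROXY_CONFIG = """
[thresholds]
cpu_load = 0.85
memory_usage = 0.90

[bypass]
interface = bypass1
action = pass_excess
"""

# Bypass interface assumed for the bridge module: claim 1 only says each target
# module has a corresponding bypass interface; the name here is an assumption.
BRIDGE_BYPASS = {"interface": "bypass0", "action": "pass_excess"}

BRIDGE_METRICS = ("concurrent_connections", "new_connections_per_sec", "throughput_mbps")
PROXY_METRICS = ("cpu_load", "memory_usage")


@dataclass(frozen=True)
class ResourceSample:
    """One monitoring sample of the WAF's system resources (claim 1, first step)."""
    concurrent_connections: int
    new_connections_per_sec: float
    throughput_mbps: float
    cpu_load: float      # fraction of capacity, 0..1
    memory_usage: float  # fraction of capacity, 0..1


def load_thresholds(text: str) -> dict[str, float]:
    """Parse the [thresholds] section of a configuration file into floats."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {key: float(value) for key, value in cp["thresholds"].items()}


def load_bypass(text: str) -> dict[str, str]:
    """Parse the [bypass] section (claim 5: instruction configuration content)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return dict(cp["bypass"])


def overloaded_modules(sample: ResourceSample,
                       bridge_thr: dict[str, float],
                       proxy_thr: dict[str, float]) -> dict[str, dict[str, float]]:
    """Claims 2 and 3: decide which module caused the resource anomaly.

    Returns {module: {metric: excess_share}}, where excess_share is the fraction
    of the observed value that lies above the threshold (1 - threshold/observed).
    A module is listed only when at least one of its metrics breaches its preset
    threshold; an empty dict means the WAF is within capacity, so no bypass.
    """
    result: dict[str, dict[str, float]] = {}
    for module, metrics, thresholds in (("bridge", BRIDGE_METRICS, bridge_thr),
                                        ("web_proxy", PROXY_METRICS, proxy_thr)):
        breached = {m: 1.0 - thresholds[m] / getattr(sample, m)
                    for m in metrics if getattr(sample, m) > thresholds[m]}
        if breached:
            result[module] = breached
    return result


def adjustment_instructions(overloaded: dict[str, dict[str, float]],
                            proxy_bypass: dict[str, str]) -> list[dict]:
    """Claim 1, third step: one adjustment instruction per overloaded module.

    Each instruction names the bypass interface corresponding to the module, the
    share of traffic to let through (largest excess share, an assumption about
    how the "part beyond processing capacity" is sized) and the metrics that
    justified it, so every fail-open decision is auditable.
    """
    bypass_for = {"bridge": BRIDGE_BYPASS, "web_proxy": proxy_bypass}
    instructions = []
    for module, breached in overloaded.items():
        cfg = bypass_for[module]
        instructions.append({
            "module": module,
            "interface": cfg["interface"],
            "action": cfg["action"],
            "bypass_share": round(max(breached.values()), 3),
            "reason": sorted(breached),
            "inspected": False,  # bypassed traffic is not inspected by the WAF
        })
    return instructions


def decide(sample: ResourceSample) -> list[dict]:
    """Run the whole procedure of claim 1 on one monitoring sample."""
    overloaded = overloaded_modules(sample, load_thresholds(BRIDGE_CONFIG),
                                    load_thresholds(PROXY_CONFIG))
    return adjustment_instructions(overloaded, load_bypass(PROXY_CONFIG))


if __name__ == "__main__":
    # Constructed sample: a connection flood that overloads the bridge module only.
    flood = ResourceSample(60000, 1200.0, 300.0, 0.40, 0.55)
    for instruction in decide(flood):
        print(instruction)
```

In deployment the `ResourceSample` would be filled from the monitoring module each interval and the instruction handed to the bypass interface; the claims say nothing about when the bypass is lifted, so a real implementation also needs a release condition (for example, the metric staying below threshold for several consecutive samples) to avoid flapping.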
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811206441.1A CN109067807A (en) | 2018-10-16 | 2018-10-16 | Safety protecting method, device and electronic equipment based on WEB application firewall overload |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109067807A true CN109067807A (en) | 2018-12-21 |
Family
ID=64765146
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811206441.1A Pending CN109067807A (en) | 2018-10-16 | 2018-10-16 | Safety protecting method, device and electronic equipment based on WEB application firewall overload |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109067807A (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101102264A (en) * | 2006-07-04 | 2008-01-09 | 华为技术有限公司 | Ethernet data forwarding method and Ethernet system |
CN101060531A (en) * | 2007-05-17 | 2007-10-24 | 华为技术有限公司 | A method and device for avoiding the attack of network equipment |
CN101483655A (en) * | 2009-02-10 | 2009-07-15 | 杭州华三通信技术有限公司 | Packet transmission method and proxy device for Internet group management protocol |
CN101626402A (en) * | 2009-08-10 | 2010-01-13 | 杭州华三通信技术有限公司 | Distributed equipment and three-layered agency retransmission method thereof |
US20180176826A1 (en) * | 2013-07-08 | 2018-06-21 | Samsung Electronics Co., Ltd | Apparatus and method for controlling control overload in wlan systems |
CN104518897A (en) * | 2013-09-30 | 2015-04-15 | 中国电信股份有限公司 | Resource management optimization processing method and resource management optimization processing device for virtual firewalls |
CN105208685A (en) * | 2015-09-06 | 2015-12-30 | 杭州敦崇科技股份有限公司 | Proxy AP realization method |
CN106789981A (en) * | 2016-12-07 | 2017-05-31 | 北京奇虎科技有限公司 | Flow control methods, apparatus and system based on WAF |
Non-Patent Citations (3)
Title |
---|
DG瑞恩: "《设备自身安全功能》", 《HTTPS://BLOG.51CTO.COM/U_8239783/1335092》 * |
S00004159: "《USG5300启用UTM过载保护功能有何作用》", 《HTTPS://SUPPORT.HUAWEI.COM/ENTERPRISE/EN/KNOWLEDGE/KB1000009525》 * |
杨飞: "《高校WAF+IPS+漏洞扫描安全防护体系的研究与应用》", 《电子测试》 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110855796A (en) * | 2019-11-22 | 2020-02-28 | 北京浪潮数据技术有限公司 | Cloud platform web protection method, system, equipment and computer medium |
CN111314290A (en) * | 2019-12-30 | 2020-06-19 | 北京长亭未来科技有限公司 | Method and device for protecting continuity of WEB application firewall service and electronic equipment |
CN111314290B (en) * | 2019-12-30 | 2022-06-24 | 北京长亭未来科技有限公司 | Method and device for WEB application firewall service continuity protection and electronic equipment |
CN111368301A (en) * | 2020-03-03 | 2020-07-03 | 深信服科技股份有限公司 | Virus checking and killing method, device, equipment and readable storage medium |
CN112165450A (en) * | 2020-08-27 | 2021-01-01 | 杭州安恒信息技术股份有限公司 | Safety protection method and device for WEB application firewall and electronic device |
CN112165450B (en) * | 2020-08-27 | 2023-04-21 | 杭州安恒信息技术股份有限公司 | Security protection method and device for WEB application firewall and electronic device |
CN111970303A (en) * | 2020-08-28 | 2020-11-20 | 杭州安恒信息技术股份有限公司 | Business site mode switching method and device and computer readable storage medium |
CN112165460A (en) * | 2020-09-10 | 2021-01-01 | 杭州安恒信息技术股份有限公司 | Flow detection method and device, computer equipment and storage medium |
CN114640700A (en) * | 2020-11-30 | 2022-06-17 | 腾讯科技(深圳)有限公司 | Calling frequency control method and device |
CN113691517A (en) * | 2021-08-17 | 2021-11-23 | 北京天融信网络安全技术有限公司 | Communication management method, device, equipment and medium for bypass |
CN113691517B (en) * | 2021-08-17 | 2022-11-08 | 北京天融信网络安全技术有限公司 | Communication management method, device, equipment and medium for bypass |
CN114546498A (en) * | 2021-12-31 | 2022-05-27 | 广州芯德通信科技股份有限公司 | Method, system and platform for processing abnormal starting based on optical transmitter and receiver |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20181221 |