CN109379253A - Reverse Proxy method for monitoring abnormality - Google Patents


Info

Publication number
CN109379253A
Authority
CN
China
Prior art keywords
reverse proxy
identifier
original link
link
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811300536.XA
Other languages
Chinese (zh)
Inventor
林路路
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jianhu Yunfei Data Technology Co Ltd
Original Assignee
Jianhu Yunfei Data Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jianhu Yunfei Data Technology Co Ltd filed Critical Jianhu Yunfei Data Technology Co Ltd
Priority to CN201811300536.XA priority Critical patent/CN109379253A/en
Publication of CN109379253A publication Critical patent/CN109379253A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/08: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • H04L43/10: Active monitoring, e.g. heartbeat, ping or trace-route

Abstract

The invention discloses a method for monitoring a reverse proxy server for abnormality. The method sends an access request for an original link to the reverse proxy server and obtains the first identifier that the server returns in response to that request. It then sends an access request for an updated link to the reverse proxy server and obtains the second identifier that the server returns in response to that request, where the original link and the updated link have the same content type. The method judges whether the result of XOR processing of the first identifier and the distinguishing marker is identical to the second identifier and, if it is not, determines that the reverse proxy server is abnormal. This achieves the purpose of monitoring the reverse proxy server for abnormality and improves the accuracy of that monitoring.

Description

Method for monitoring a reverse proxy server for abnormality
Technical Field
The present invention relates to the field of server monitoring, and in particular to a method for monitoring a reverse proxy server for abnormality.
Background
White-box testing of servers, as provided in the prior art, is a method of test case design. The "box" refers to the software under test: by examining the internal logical structure of the software, coverage tests are run over its logical paths. Checkpoints are set at different places in the program and the program state is inspected to determine whether the actual running state matches the expected state. White-box test methods include code inspection, static structure analysis, static quality measurement, logic coverage, basis path testing, domain testing, symbolic testing, path coverage and program mutation.
When white-box testing is used to monitor the content files of a reverse proxy server, the content files are checked for abnormal features, and the server is considered abnormal if any are found. Test results show, however, that white-box testing may monitor the wrong content files, causing missed or false detections and hence inaccurate abnormality monitoring results.
Summary of the Invention
The embodiments of the present invention provide a method for monitoring a reverse proxy server for abnormality, to solve the technical problem in the prior art that abnormality monitoring of reverse proxy servers is inaccurate.
The method for monitoring a reverse proxy server for abnormality provided by the embodiments of the present invention comprises:
obtaining an original link and the distinguishing marker of test file data, and adding the distinguishing marker of the test file data to the original link to obtain an updated link;
sending an access request for the original link to the reverse proxy server, confirming from the information code returned by the reverse proxy server whether the original link was accessed successfully and, when the access succeeds, obtaining the first identifier sent by the reverse proxy server, the first identifier being used to determine the type of content that the reverse proxy server returns in response to the access request;
when the first identifier is identical to the original identifier corresponding to the original link, sending an access request for the updated link to the reverse proxy server and, when the access succeeds, obtaining the second identifier sent by the reverse proxy server, the second identifier being used to determine the type of content that the reverse proxy server returns in response to the access request;
when the result of XOR processing of the first identifier and the distinguishing marker is not identical to the second identifier, determining that the reverse proxy server is abnormal.
Preferably, obtaining the first identifier that the reverse proxy server returns in response to the original link comprises:
obtaining the data packet returned by the reverse proxy server;
parsing the data packet to obtain the HTTP response header;
looking up the content type field in the HTTP response header; and
reading the first identifier in the HTTP response header according to the content type field.
The embodiments of the present invention thus provide a method for monitoring a reverse proxy server for abnormality in which an access request for an original link is sent to the reverse proxy server and the first identifier returned in response is obtained; an access request for an updated link is sent to the reverse proxy server and the second identifier returned in response is obtained, where the original link and the updated link have the same content type; it is judged whether the result of XOR processing of the first identifier and the distinguishing marker is identical to the second identifier; and, if it is not, the reverse proxy server is determined to be abnormal. This achieves the purpose of monitoring the reverse proxy server for abnormality and improves the accuracy of that monitoring.
Brief Description of the Drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the method for monitoring a reverse proxy server for abnormality according to an embodiment of the present invention.
Detailed Description
So that those skilled in the art can better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a method for monitoring a reverse proxy server for abnormality, comprising:
Step 1: obtain an original link and the distinguishing marker of test file data, and add the distinguishing marker of the test file data to the original link to obtain an updated link.
The reverse proxy server is a high-performance web server that is very widely used; it is not only often used as a reverse proxy but also supports running PHP very well. However, the server has a fairly serious security problem: under the default configuration, the server may mistakenly parse a file of any type as PHP, so that a malicious attacker may exploit this abnormality to run a malicious file as PHP and thereby take over a reverse proxy server that supports PHP.
An access request for the original link is sent to the reverse proxy server. After receiving the request, the server responds to it, and the first identifier returned by the reverse proxy server is obtained. The first identifier is the content type obtained by resolving the original link.
Accessing different pages through the original link returns different content types. For example, if the original link accesses an image file, the returned content type is image/jpeg; if it accesses a txt file, the returned content type is text/plain. Therefore, after the access request for the original link is sent to the server, a first identifier is received from the server, and that first identifier is the content type of the original link that was sent.
Step 2: send an access request for the original link to the reverse proxy server, confirm from the information code returned by the reverse proxy server whether the original link was accessed successfully and, when the access succeeds, obtain the first identifier sent by the reverse proxy server. The first identifier is used to determine the type of content that the reverse proxy server returns in response to the access request.
Step 3: when the first identifier is identical to the original identifier corresponding to the original link, send an access request for the updated link to the reverse proxy server and, when the access succeeds, obtain the second identifier sent by the reverse proxy server. The second identifier is used to determine the type of content that the reverse proxy server returns in response to the access request.
After the access request for the updated link is sent to the reverse proxy server, the second identifier that the server returns in response is obtained. The second identifier is the content type of the file accessed through the updated link. The content type of the original link is the same as the content type of the updated link; that is, after the original link and the updated link have each been sent to the reverse proxy server, the content type returned for the original link and the content type returned for the updated link should be the same.
Step 4: when the result of XOR processing of the first identifier and the distinguishing marker is not identical to the second identifier, determine that the reverse proxy server is abnormal.
It is judged whether the result of XOR processing of the first identifier and the distinguishing marker is identical to the second identifier. Because the reverse proxy server has a parsing abnormality, an error occurs when SCRIPT_FILENAME is parsed, so the extracted script name is wrong. The script names extracted when responding to the original link and to the updated link determine the content types of the original link and the updated link, and those content types are represented by the first identifier and the second identifier. In this embodiment, judging whether the result of XOR processing of the first identifier and the distinguishing marker is identical to the second identifier shows whether the extracted script name is wrong, and from that it is judged whether the server is abnormal.
In the above embodiment, an original link and an updated link with the same content type are each sent to the server, and the first identifier and the second identifier returned by the reverse proxy server are then obtained. Because an abnormal reverse proxy server extracts the wrong script name and therefore returns a different content type, whether the reverse proxy server is abnormal is judged by whether the result of XOR processing of the first identifier and the distinguishing marker is identical to the second identifier; that is, when the first identifier and the returned second identifier are not identical, the reverse proxy server is determined to be abnormal. The method relies on the fact that an abnormal reverse proxy server returns the wrong content type, and determines that the server is abnormal by judging the content type, which improves the accuracy of abnormality monitoring of the reverse proxy server.
For a difference between the second identifier and the result of XOR processing of the first identifier and the distinguishing marker to indicate an abnormal reverse proxy server when the content type of the original link is the same as that of the updated link, repeated access requests for the original link must return the same content type; only then can a difference between the two be used to determine that the reverse proxy server is abnormal. Web addresses that return a consistent content type on repeated access are resource-type addresses, such as the addresses of image files, JS files, CSS files and text files. The content type returned for the address of an image file is image/jpeg, for the address of a JS file it is text/javascript, for the address of a CSS file it is text/css, and for the address of a text file it is text/plain.
Suppose the original link is, for example, www.123456789/12345.txt. The distinguishing marker of the test file data is obtained, where the file type of the test file data differs from the file type accessed through the original link, and the test file data is a file that does not exist in the page corresponding to the original link. Adding the distinguishing marker of the test file data to the original link gives the updated link.
So that it can be told whether the content type returned by the reverse proxy server belongs to the original link or to the updated link, the file type of the test file data differs from the file type accessed through the original link; adding the distinguishing marker of the test file data to the original link gives the updated link. So that the updated link cannot reach a real file, which would lead to a misjudgment when the returned content type is used to decide whether the reverse proxy server is abnormal, the test file data is a file that does not exist in the page corresponding to the original link. That is, when the reverse proxy server is not abnormal, the content types it returns for the access request for the original link and for the access request for the updated link are the same.
The original link is www.123456789/12345.txt and the file distinguishing marker added is dfg.php, so the updated link is www.123456789/12345.txt/dfg.php. Because dfg.php is a file that does not exist and is only a file distinguishing marker, the SCRIPT_FILENAME values extracted for the original link and the updated link are /scripts/12345.txt and /scripts/12345.txt/dfg.php respectively. The content types that the reverse proxy server returns for these SCRIPT_FILENAME values are therefore text/plain and text/html respectively; that is, the content types of the original link and the updated link differ, from which it is judged that the reverse proxy server is abnormal.
In the above embodiment, a distinguishing marker is added to the original link for a file whose type differs from that of the original link and which does not exist in the page corresponding to the original link. This guarantees that the content types of the updated link and the original link are the same after the test file data distinguishing marker is added, so that a difference in the content types returned by the reverse proxy server can be used to determine that the server is abnormal, which ensures the accuracy of monitoring the reverse proxy server for abnormality.
To improve the efficiency of abnormality monitoring as well as its accuracy, before the first identifier that the reverse proxy server returns in response to the original link is obtained, the method further comprises checking the information code returned by the reverse proxy server and judging from it whether the request for the original link succeeded. If the request succeeded, the first identifier returned by the reverse proxy server in response to the access request for the original link is obtained; if the request did not succeed, monitoring ends.
Usually, after receiving an access request, a server first returns an information code (HTTP status code) to tell the visitor whether the access succeeded. After a success code is returned, the reverse proxy server responds to the access request; if the information code indicates an error, no further monitoring is carried out.
In this embodiment, if the returned information code indicates that the server successfully returned the page, the request succeeded, and the first identifier that the reverse proxy server returns in response to the access request for the original link is obtained. If the request for the original link did not succeed, monitoring ends. In other words, the first identifier is obtained after the reverse proxy server returns the information code for a successfully returned page, and abnormality monitoring ends if the returned information code does not indicate success. When the server does not return a success code, the reverse proxy server may already be abnormal, and continuing the abnormality monitoring could produce an erroneous result.
To improve the efficiency of abnormality monitoring as well as its accuracy, after the first identifier that the reverse proxy server returns in response to the original link is obtained, the method further comprises:
judging whether the first identifier returned by the reverse proxy server is consistent with the content type of the original link. If the first identifier is consistent with the content type corresponding to the original link, the updated link is requested. If the content type returned by the reverse proxy server is inconsistent with the content type of the page corresponding to the original link, monitoring ends.
If the first identifier returned by the reverse proxy server is consistent with the content type of the original link, the reverse proxy server is determined to be running normally, with no abnormality. Only when the reverse proxy server is otherwise running normally can the result of the abnormality monitoring be guaranteed to be correct. Therefore, when the first identifier returned by the reverse proxy server is consistent with the content type of the original link, the updated link is requested; if the first identifier is inconsistent with the content type of the original link, the reverse proxy server is determined to be abnormal and no further monitoring is carried out.
Only when abnormality monitoring is carried out while the reverse proxy server is running normally can the monitoring result correctly reflect whether the server is abnormal. The method of this embodiment can therefore not only judge from the mechanism that produces the abnormality whether the reverse proxy server is abnormal, but also judge whether the environment being monitored can guarantee a correct monitoring result, which improves the accuracy of abnormality monitoring of the reverse proxy server.
Once it has been determined that the first identifier is to be obtained, the first identifier that the reverse proxy server returns in response to the original link is obtained as follows: obtain the data packet that the reverse proxy server returns for the original link; parse the data packet to obtain the HTTP response header; look up the content type field in the HTTP response header; and read the first identifier in the HTTP response header according to the content type field.
The data packet that the reverse proxy server returns for the original link contains the first identifier returned by the server. Parsing the data packet gives the HTTP response header; the content type field is looked up in the HTTP response header, and the first identifier is read according to that field.
For example, to look up the content type field in the HTTP response header, search for the "Content-Type" field in the following:
HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Thu, 20 May 2010 10:05:30 GMT
Content-Type: text/plain
After the Content-Type field has been found in the above, the content type read from the field is "text/plain"; the "text/plain" that is read is the first identifier.
Similarly, the second identifier is obtained by obtaining the data packet returned by the reverse proxy server, parsing the data packet to obtain the HTTP response header, looking up the content type field in the HTTP response header, and reading the identifier in the HTTP response header according to that field. The method of reading the second identifier is the same as the method of reading the first identifier and is not repeated here.
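The four steps and the header-parsing procedure above, sketched as an added Python example (not code from the patent). The `fetch` callable, the `Verdict` type and the constructed fake servers are assumptions of this example; it compares the two content types directly, as in the 12345.txt/dfg.php illustration, because the page does not define the XOR operation, and it treats a failed request for the updated link as "no abnormality observed".

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


def parse_response(raw: bytes) -> Tuple[int, Optional[str]]:
    """Parse a raw HTTP response packet: return (status code, content type)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()                      # ["HTTP/1.1", "200", "OK"]
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    content_type = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            # Drop parameters such as "; charset=utf-8" and normalise case.
            content_type = value.split(";", 1)[0].strip().lower()
            break
    return int(parts[1]), content_type


@dataclass
class Verdict:
    status: str   # "stopped", "normal" or "abnormal"
    reason: str


def check_reverse_proxy(fetch: Callable[[str], bytes], original_link: str,
                        marker: str, expected_type: str) -> Verdict:
    # Step 1: append the distinguishing marker to build the updated link.
    updated_link = original_link.rstrip("/") + "/" + marker
    # Step 2: request the original link and check the information code.
    code, first_id = parse_response(fetch(original_link))
    if code != 200:
        return Verdict("stopped", "original link returned %d" % code)
    # Baseline check: the first identifier must match the known type.
    if first_id != expected_type:
        return Verdict("stopped", "baseline type is %r" % first_id)
    # Step 3: request the updated link.
    code, second_id = parse_response(fetch(updated_link))
    if code != 200:
        # Assumption of this example: no second identifier, nothing observed.
        return Verdict("normal", "updated link returned %d" % code)
    # Step 4: a changed content type means the path was parsed differently.
    if second_id != first_id:
        return Verdict("abnormal", "%s became %s" % (first_id, second_id))
    return Verdict("normal", "content type unchanged")


# --- Constructed sample data: fake servers returning canned raw responses ---
ORIGINAL = "www.123456789/12345.txt"   # original link from the page's example
MARKER = "dfg.php"                     # distinguishing marker from the page


def _raw(status_line: str, content_type: str) -> bytes:
    head = "HTTP/1.1 %s\r\nServer: example\r\nContent-Type: %s\r\n\r\n"
    return (head % (status_line, content_type)).encode("ascii") + b"body"


def make_fake_server(table: Dict[str, bytes]) -> Callable[[str], bytes]:
    def fetch(link: str) -> bytes:
        return table.get(link, _raw("404 Not Found", "text/html"))
    return fetch


UPDATED = ORIGINAL + "/" + MARKER
ABNORMAL = make_fake_server({ORIGINAL: _raw("200 OK", "text/plain"),
                             UPDATED: _raw("200 OK", "text/html")})
CONSISTENT = make_fake_server({ORIGINAL: _raw("200 OK", "text/plain"),
                               UPDATED: _raw("200 OK", "text/plain")})
REJECTING = make_fake_server({ORIGINAL: _raw("200 OK", "text/plain")})

if __name__ == "__main__":
    for name, srv in [("abnormal", ABNORMAL), ("consistent", CONSISTENT),
                      ("rejecting", REJECTING)]:
        print(name, check_reverse_proxy(srv, ORIGINAL, MARKER, "text/plain"))
```
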
It should be noted that, for simplicity of description, each of the method embodiments above is presented as a series of combined actions. Those skilled in the art should understand, however, that the present invention is not limited by the order of actions described, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present invention.
From the description of the embodiments above, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to execute the methods described in the embodiments of the present invention.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the present invention.

Claims (2)

1. A method for monitoring a reverse proxy server for abnormality, characterized by comprising:
obtaining an original link and the distinguishing marker of test file data, and adding the distinguishing marker of the test file data to the original link to obtain an updated link;
sending an access request for the original link to the reverse proxy server, confirming from the information code returned by the reverse proxy server whether the original link was accessed successfully and, when the access succeeds, obtaining the first identifier sent by the reverse proxy server, the first identifier being used to determine the type of content that the reverse proxy server returns in response to the access request;
when the first identifier is identical to the original identifier corresponding to the original link, sending an access request for the updated link to the reverse proxy server and, when the access succeeds, obtaining the second identifier sent by the reverse proxy server, the second identifier being used to determine the type of content that the reverse proxy server returns in response to the access request;
when the result of XOR processing of the first identifier and the distinguishing marker is not identical to the second identifier, determining that the reverse proxy server is abnormal.
2. The method for monitoring a reverse proxy server for abnormality according to claim 1, characterized in that obtaining the first identifier that the reverse proxy server returns in response to the original link comprises:
obtaining the data packet returned by the reverse proxy server;
parsing the data packet to obtain the HTTP response header;
looking up the content type field in the HTTP response header; and
reading the first identifier in the HTTP response header according to the content type field.
CN201811300536.XA 2018-11-02 2018-11-02 Reverse Proxy method for monitoring abnormality Pending CN109379253A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113708992A (en) * 2021-08-13 2021-11-26 绿盟科技集团股份有限公司 Reverse proxy test method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190222