CN109525586B - Security policy configuration method and device based on URL - Google Patents
- Publication number
- CN109525586B
- Authority
- CN
- China
- Prior art keywords
- http
- url
- http parameter
- security policy
- parameter
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The application provides a security policy configuration method and device based on a URL, which are applied to network security equipment connected with a server of a website, and the method comprises the following steps: acquiring a URL and at least one HTTP parameter carried in a received HTTP request message; searching the URL in a security policy library corresponding to the website; if the URL is found in the security policy library, sequentially matching the at least one HTTP parameter with an HTTP parameter set corresponding to the URL in the security policy library, and updating the HTTP parameter set according to the HTTP parameters which are not matched in the at least one HTTP parameter; and if the URL is not found in the security policy library, updating the security policy library according to the URL and the at least one HTTP parameter. By applying the embodiment of the application, the configuration time can be greatly saved, and the configuration efficiency is improved.
Description
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a security policy configuration method and apparatus based on Uniform Resource Locator (URL).
Background
As society becomes increasingly informatized, websites operate in a relatively open environment such as the Internet. The complexity and diversity of the web pages that make up a website give rise to various vulnerabilities; viruses, trojans and malicious code are rampant on the Internet; and security incidents in which hackers intrude into and tamper with websites occur from time to time. Security protection of websites is therefore becoming more and more important.
Generally, a security policy library is used to protect a website. In practice, the security policy libraries of different websites usually differ, and at present the security policy library of each website can only be configured manually. This configuration method requires professional technicians, so the configuration workload is huge, the time consumed is long, and the configuration efficiency is low.
Disclosure of Invention
In view of this, the present application provides a security policy configuration method and apparatus based on URL, so as to solve the problems of huge configuration workload, long time consumption and low configuration efficiency due to the need of professional technical personnel.
Specifically, the method is realized through the following technical scheme:
a security policy configuration method based on URL is applied to network security equipment connected with a server of a website, and the method comprises the following steps:
acquiring a URL and at least one HTTP parameter carried in a received HTTP request message;
searching the URL in a security policy library corresponding to the website;
if the URL is found in the security policy library, sequentially matching the at least one HTTP parameter with an HTTP parameter set corresponding to the URL in the security policy library, and updating the HTTP parameter set according to the HTTP parameters which are not matched in the at least one HTTP parameter;
and if the URL is not found in the security policy library, updating the security policy library according to the URL and the at least one HTTP parameter.
A URL-based security policy configuration apparatus applied to a network security device connected to a server of a website, the apparatus comprising:
the acquisition module is used for acquiring the URL and at least one HTTP parameter carried in the received HTTP request message;
the searching module is used for searching the URL in a security policy library corresponding to the website;
the updating module is used for sequentially matching the at least one HTTP parameter with the HTTP parameter set corresponding to the URL in the security policy library if the URL is found in the security policy library, and updating the HTTP parameter set according to the HTTP parameters which are not matched in the at least one HTTP parameter; and if the URL is not found in the security policy library, updating the security policy library according to the URL and the at least one HTTP parameter.
According to the technical scheme, the URL and the at least one HTTP parameter carried in the HTTP request message can be obtained, and then the security policy library is updated according to the URL and the at least one HTTP parameter, so that the security policy library corresponding to the website can be automatically configured without manual configuration, configuration time can be greatly saved and configuration efficiency can be improved compared with a manual configuration mode.
Drawings
FIG. 1 is a flow chart illustrating a method for configuring a security policy based on a URL according to the present application;
fig. 2 is a flowchart of S13 shown in the present application;
fig. 3 is a flowchart of S14 shown in the present application;
FIG. 4 is a flow chart of an alternative embodiment shown herein;
fig. 5 is a schematic structural diagram of a security policy configuration apparatus based on URL shown in the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In order to solve the above problem, an embodiment of the present invention provides a URL-based security policy configuration method, so as to save configuration time and improve configuration efficiency. Referring to fig. 1, fig. 1 is a flowchart of a URL-based security policy configuration method shown in this application. The method is applied to a network security device connected to a server of a website; the network security device may also be a module of the website's server, and can be set according to actual needs.
S11: obtain the URL and at least one HTTP parameter carried in a received Hypertext Transfer Protocol (HTTP) request message.
When a user needs to access a web page of a website, the terminal sends an HTTP request message carrying the URL and HTTP parameters of the web page. The HTTP request message is forwarded through a series of network devices and finally reaches the server of the website; before it is forwarded to the server for processing, it must pass through the security protection of the network security device.
The network security device can directly acquire the URL and at least one HTTP parameter carried in the HTTP request message.
S12: search for the URL in the security policy library corresponding to the website. If the URL is found in the security policy library, execute S13; if the URL is not found in the security policy library, execute S14.
The network security device can update a security policy library corresponding to the website while performing security protection, and first searches the acquired URL from the security policy library.
S13: match the at least one HTTP parameter in sequence with the HTTP parameter set corresponding to the URL in the security policy library, and update the HTTP parameter set according to the unmatched HTTP parameters among the at least one HTTP parameter.
If the URL is found in the security policy library, an HTTP request message carrying the URL has been received before. The HTTP parameter set corresponding to the URL is then obtained from the security policy library, and the acquired at least one HTTP parameter is matched against it. If any of the at least one HTTP parameter is not matched, the HTTP parameter set is updated according to the unmatched HTTP parameters. If the at least one HTTP parameter is matched in the HTTP parameter set, the operation corresponding to the vulnerability type of each of the at least one HTTP parameter may be executed to perform security protection; the corresponding operation may be, but is not limited to, message blocking, alarm, push, and the like.
S14: update the security policy library according to the URL and the at least one HTTP parameter.
If the URL is not found in the security policy library, which indicates that the HTTP request message carrying the URL is not received before, the security policy library can be directly updated according to the URL and at least one HTTP parameter.
In the scheme, the URL and the at least one HTTP parameter carried in the HTTP request message can be acquired, and then the security policy library is updated according to the URL and the at least one HTTP parameter, so that the security policy library corresponding to the website can be automatically configured without manual configuration, configuration time can be greatly saved and configuration efficiency can be improved compared with a manual configuration mode.
Referring to fig. 2, the process in S13 of updating the HTTP parameter set according to the unmatched HTTP parameters among the at least one HTTP parameter specifically includes:
S131: add the unmatched HTTP parameters among the at least one HTTP parameter to the HTTP parameter set.
If an HTTP parameter among the at least one HTTP parameter is not matched in the HTTP parameter set, no HTTP request message carrying that HTTP parameter has been received before; to improve security performance, the HTTP parameter may be added to the HTTP parameter set.
S132: determine the vulnerability type of each unmatched HTTP parameter among the at least one HTTP parameter and the corresponding operation.
The vulnerability type of each unmatched HTTP parameter may be determined in turn by using an existing vulnerability scanning engine, and an operation corresponding to each vulnerability type may be preset, so that the vulnerability type of each unmatched HTTP parameter and the corresponding operation can be determined.
S133: add the vulnerability types and corresponding operations of the unmatched HTTP parameters among the at least one HTTP parameter to the HTTP parameter set.
Of course, the operation corresponding to the vulnerability type of each unmatched HTTP parameter may also be executed afterwards to perform security protection; the corresponding operation may be, but is not limited to, message blocking, alarm, push, and the like.
Through S131-S133, the security policy library becomes more complete, so the website can be better protected.
Referring to fig. 3, the process in S14 of updating the security policy library according to the URL and the at least one HTTP parameter specifically includes:
S141: add the URL and a corresponding HTTP parameter set to the security policy library.
S142: add the at least one HTTP parameter to the HTTP parameter set.
The HTTP parameter set corresponding to the URL added in S141 is empty, so the at least one HTTP parameter needs to be added to it.
S143: determine the vulnerability type and the corresponding operation of each HTTP parameter in the at least one HTTP parameter.
The determination process is the same as in S132 and is not described again here.
S144: add the vulnerability type and the corresponding operation of each HTTP parameter in the at least one HTTP parameter to the HTTP parameter set.
Of course, the operation corresponding to the vulnerability type of each HTTP parameter in the at least one HTTP parameter may also be executed afterwards to perform security protection; the corresponding operation may be, but is not limited to, message blocking, alarm, push, and the like.
Through S141-S144, the security policy library becomes more complete, so the website can be better protected.
Referring to fig. 4, an alternative embodiment specifically includes:
S41: monitor whether the update period has expired.
Because the web pages of a website are updated frequently, the HTTP parameters change accordingly, and so do the vulnerability types and corresponding operations of those HTTP parameters. An update period can therefore be set so that the security policy library is updated periodically; once the update period is set, whether it has expired can be monitored.
S42: if the update period is found to have expired, re-determine the vulnerability type and the corresponding operation of each HTTP parameter in the HTTP parameter set corresponding to each URL in the security policy library.
The determination method is the same as in S132 and is not described again here.
S43: for each HTTP parameter whose re-determined vulnerability type and corresponding operation differ from those saved in the security policy library, replace the saved vulnerability type and corresponding operation with the re-determined ones.
Through S41-S43, the security policy library of the website is kept up to date, ensuring more accurate security protection.
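A minimal sketch of the S11-S14 learning flow and the S41-S43 periodic refresh described above, added here as an illustration and not taken from the patent. It assumes parameters are matched by name; the `scanner` callable, the `OPERATIONS` table and the sample findings are hypothetical stand-ins for the vulnerability scanning engine and the preset operations.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Hypothetical stand-in for the vulnerability scanning engine of S132:
# (url, parameter name) -> vulnerability type.
Scanner = Callable[[str, str], str]

# Assumed preset table: one operation per vulnerability type (S132).
OPERATIONS = {"sqli": "block", "xss": "alarm", "none": "pass"}


@dataclass
class ParamPolicy:
    vuln_type: str
    operation: str


@dataclass
class PolicyLibrary:
    scanner: Scanner
    update_period: float                          # seconds between refreshes (S41)
    clock: Callable[[], float] = time.monotonic   # injectable so the demo can advance time
    urls: Dict[str, Dict[str, ParamPolicy]] = field(default_factory=dict)
    last_refresh: float = field(init=False)

    def __post_init__(self) -> None:
        self.last_refresh = self.clock()

    def _assess(self, url: str, name: str) -> ParamPolicy:
        vuln = self.scanner(url, name)
        # Assumption: a type with no preset operation raises an alarm.
        return ParamPolicy(vuln, OPERATIONS.get(vuln, "alarm"))

    def handle_request(self, request_target: str) -> List[Tuple[str, str]]:
        """S11-S14: learn from one request; return (parameter, operation) pairs."""
        parts = urlsplit(request_target)
        url = parts.path                                           # S11
        names = [n for n, _ in parse_qsl(parts.query, keep_blank_values=True)]
        if not names:          # the method assumes at least one HTTP parameter
            return []
        param_set = self.urls.get(url)                             # S12
        if param_set is None:                                      # S14
            param_set = self.urls[url] = {}                        # S141: empty set
        decisions = []
        for name in names:
            if name not in param_set:       # unmatched: S131-S133 or S142-S144
                param_set[name] = self._assess(url, name)
            decisions.append((name, param_set[name].operation))
        return decisions

    def refresh_if_due(self) -> List[Tuple[str, str, str, str]]:
        """S41-S43: return (url, parameter, old type, new type) per replaced entry."""
        now = self.clock()
        if now - self.last_refresh < self.update_period:           # S41
            return []
        self.last_refresh = now
        changed = []
        for url, param_set in self.urls.items():
            for name, saved in param_set.items():
                fresh = self._assess(url, name)                    # S42
                if fresh != saved:                                 # S43: replace only what differs
                    changed.append((url, name, saved.vuln_type, fresh.vuln_type))
                    param_set[name] = fresh
        return changed


def demo():
    # Constructed scanner results and a fake clock; none of this is real data.
    findings = {("/search", "q"): "xss", ("/item", "id"): "sqli"}
    now = [0.0]
    lib = PolicyLibrary(scanner=lambda u, p: findings.get((u, p), "none"),
                        update_period=3600, clock=lambda: now[0])
    first = lib.handle_request("/search?q=shoes")           # unknown URL -> S14
    second = lib.handle_request("/search?q=hats&page=2")    # known URL, new parameter -> S13
    findings[("/search", "q")] = "none"                     # the page has since changed
    early = lib.refresh_if_due()                            # update period not yet expired
    now[0] = 3601.0
    late = lib.refresh_if_due()                             # expired: re-scan and replace
    return first, second, early, late, lib


if __name__ == "__main__":
    print(demo()[:4])
```

The sketch learns every distinct path and parameter name it sees, so the dictionary grows with client-controlled input; a real deployment would bound it.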
Referring to fig. 5, fig. 5 is a schematic structural diagram of a URL-based security policy configuration apparatus applied to a network security device connected to a server of a website, where the apparatus includes:
an obtaining module 51, configured to obtain a URL and at least one HTTP parameter carried in a received HTTP request message;
a search module 52, configured to search a URL in a security policy repository corresponding to the website;
an updating module 53, configured to match the at least one HTTP parameter with an HTTP parameter set corresponding to the URL in the security policy library in sequence if the URL is found in the security policy library, and update the HTTP parameter set according to an HTTP parameter that is not matched in the at least one HTTP parameter; and if the URL is not found in the security policy library, updating the security policy library according to the URL and at least one HTTP parameter.
In the scheme, the URL and the at least one HTTP parameter carried in the HTTP request message can be acquired, and then the security policy library is updated according to the URL and the at least one HTTP parameter, so that the security policy library corresponding to the website can be automatically configured without manual configuration, configuration time can be greatly saved and configuration efficiency can be improved compared with a manual configuration mode.
Specifically, the updating module 53 is configured to update the HTTP parameter set according to the HTTP parameter that is not matched in the at least one HTTP parameter, and specifically is configured to:
adding at least one HTTP parameter which is not matched in the HTTP parameter set;
determining vulnerability types and corresponding operations of the HTTP parameters which are not matched in the at least one HTTP parameter;
and adding vulnerability types and corresponding operations of the HTTP parameters which are not matched in the at least one HTTP parameter in the HTTP parameter set.
Specifically, the updating module 53 is configured to update the security policy library according to the URL and the at least one HTTP parameter, and specifically is configured to:
adding a URL and a corresponding HTTP parameter set in a security policy library;
adding at least one HTTP parameter in the HTTP parameter set;
determining the vulnerability type and the corresponding operation of each HTTP parameter in at least one HTTP parameter;
and adding the vulnerability type and the corresponding operation of each HTTP parameter in at least one HTTP parameter in the HTTP parameter set.
In an alternative embodiment, the apparatus further comprises:
the monitoring module is used for monitoring whether the updating period is expired;
the determining module is used for re-determining the vulnerability type and the corresponding operation of each HTTP parameter in the HTTP parameter set corresponding to each URL in the security policy library if the update period is monitored to expire;
and the replacing module is used for replacing the saved vulnerability type and the corresponding operation in the security policy library with the redetermined vulnerability type and the corresponding operation according to the redetermined vulnerability type and the corresponding operation and the HTTP parameters different from the saved vulnerability type and the corresponding operation in the security policy library.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (4)
1. A security policy configuration method based on Uniform Resource Locator (URL) is applied to network security equipment connected with a server of a website, and is characterized in that the method comprises the following steps:
acquiring a URL and at least one HTTP parameter carried in a received HTTP request message;
searching the URL in a security policy library corresponding to the website;
if the URL is found in the security policy library, sequentially matching the at least one HTTP parameter with an HTTP parameter set corresponding to the URL in the security policy library, and updating the HTTP parameter set according to the HTTP parameters which are not matched in the at least one HTTP parameter;
if the URL is not found in the security policy library, updating the security policy library according to the URL and the at least one HTTP parameter;
the updating the HTTP parameter set according to the unmatched HTTP parameter of the at least one HTTP parameter specifically includes:
adding unmatched HTTP parameters of the at least one HTTP parameter in the HTTP parameter set;
determining vulnerability types and corresponding operations of the HTTP parameters which are not matched in the at least one HTTP parameter;
adding vulnerability types and corresponding operations of the HTTP parameters which are not matched in the at least one HTTP parameter in the HTTP parameter set;
the updating the security policy repository according to the URL and the at least one HTTP parameter specifically includes:
adding the URL and the corresponding HTTP parameter set in the security policy library;
adding the at least one HTTP parameter in the set of HTTP parameters;
determining the vulnerability type and the corresponding operation of each HTTP parameter in the at least one HTTP parameter;
and adding the vulnerability type and the corresponding operation of each HTTP parameter in the at least one HTTP parameter in the HTTP parameter set.
2. The method of claim 1, further comprising:
monitoring whether the update period expires;
if the updating period is monitored to be expired, re-determining the vulnerability type and the corresponding operation of each HTTP parameter in the HTTP parameter set corresponding to each URL in the security policy library;
and replacing the saved vulnerability type and the corresponding operation in the security policy library with the redetermined vulnerability type and the corresponding operation according to the redetermined vulnerability type and the corresponding operation and the HTTP parameters different from the saved vulnerability type and the corresponding operation in the security policy library.
3. A URL-based security policy configuration apparatus applied to a network security device connected to a server of a website, the apparatus comprising:
the acquisition module is used for acquiring the URL and at least one HTTP parameter carried in the received HTTP request message;
the searching module is used for searching the URL in a security policy library corresponding to the website;
the updating module is used for sequentially matching the at least one HTTP parameter with the HTTP parameter set corresponding to the URL in the security policy library if the URL is found in the security policy library, and updating the HTTP parameter set according to the HTTP parameters which are not matched in the at least one HTTP parameter; if the URL is not found in the security policy library, updating the security policy library according to the URL and the at least one HTTP parameter;
the update module is configured to update the HTTP parameter set according to an HTTP parameter that is not matched in the at least one HTTP parameter, and specifically is configured to:
adding unmatched HTTP parameters of the at least one HTTP parameter in the HTTP parameter set;
determining vulnerability types and corresponding operations of the HTTP parameters which are not matched in the at least one HTTP parameter;
adding vulnerability types and corresponding operations of the HTTP parameters which are not matched in the at least one HTTP parameter in the HTTP parameter set;
the update module is configured to update the security policy repository according to the URL and the at least one HTTP parameter, and is specifically configured to:
adding the URL and the corresponding HTTP parameter set in the security policy library;
adding the at least one HTTP parameter in the set of HTTP parameters;
determining the vulnerability type and the corresponding operation of each HTTP parameter in the at least one HTTP parameter;
and adding the vulnerability type and the corresponding operation of each HTTP parameter in the at least one HTTP parameter in the HTTP parameter set.
4. The apparatus of claim 3, further comprising:
the monitoring module is used for monitoring whether the updating period is expired;
the determining module is used for re-determining the vulnerability type and the corresponding operation of each HTTP parameter in the HTTP parameter set corresponding to each URL in the security policy library if the updating period is monitored to expire;
and the replacing module is used for replacing the saved vulnerability type and the corresponding operation in the security policy library with the re-determined vulnerability type and the corresponding operation according to the re-determined vulnerability type and the corresponding operation and the HTTP parameters different from the saved vulnerability type and the corresponding operation in the security policy library.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811445858.3A CN109525586B (en) | 2018-11-29 | 2018-11-29 | Security policy configuration method and device based on URL |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811445858.3A CN109525586B (en) | 2018-11-29 | 2018-11-29 | Security policy configuration method and device based on URL |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109525586A | 2019-03-26 |
CN109525586B | 2021-05-28 |
Family
ID=65793922
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811445858.3A Active CN109525586B (en) | 2018-11-29 | 2018-11-29 | Security policy configuration method and device based on URL |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109525586B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110677396A (en) * | 2019-09-16 | 2020-01-10 | 杭州迪普科技股份有限公司 | Security policy configuration method and device |
CN114362978A (en) * | 2020-09-27 | 2022-04-15 | 华为技术有限公司 | XSS attack defense method and related equipment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7389354B1 (en) * | 2000-12-11 | 2008-06-17 | Cisco Technology, Inc. | Preventing HTTP server attacks |
CN102231745A (en) * | 2011-07-08 | 2011-11-02 | 盛大计算机(上海)有限公司 | Safety system and method for network application |
CN104735074A (en) * | 2015-03-31 | 2015-06-24 | 江苏通付盾信息科技有限公司 | Malicious URL detection method and implement system thereof |
CN105939370A (en) * | 2015-09-15 | 2016-09-14 | 杭州迪普科技有限公司 | Method and device for updating URL library |
-
2018
- 2018-11-29 CN CN201811445858.3A patent/CN109525586B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN109525586A (en) | 2019-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108460278B (en) | Threat information processing method and device | |
US11757945B2 (en) | Collaborative database and reputation management in adversarial information environments | |
CN107438079B (en) | Method for detecting unknown abnormal behaviors of website | |
Genge et al. | ShoVAT: Shodan‐based vulnerability assessment tool for Internet‐facing services | |
AU2018208693B2 (en) | A system to identify machines infected by malware applying linguistic analysis to network requests from endpoints | |
US9213832B2 (en) | Dynamically scanning a web application through use of web traffic information | |
US10728216B2 (en) | Web application security architecture | |
US8051207B2 (en) | Inferring server state in s stateless communication protocol | |
US20170116421A1 (en) | Security vulnerabilities | |
US9584541B1 (en) | Cyber threat identification and analytics apparatuses, methods and systems | |
CN105491053A (en) | Web malicious code detection method and system | |
CN110535806B (en) | Method, device and equipment for monitoring abnormal website and computer storage medium | |
CN113259392B (en) | Network security attack and defense method, device and storage medium | |
US20170289283A1 (en) | Automated dpi process | |
US20230008173A1 (en) | System and method for detection and mitigation of data source compromises in adversarial information environments | |
US10127385B2 (en) | Automated security vulnerability exploit tracking on social media | |
US20180316702A1 (en) | Detecting and mitigating leaked cloud authorization keys | |
EP3398311B1 (en) | Method and system for preserving privacy in an http communication between a client and a server | |
CN109525586B (en) | Security policy configuration method and device based on URL | |
US10931688B2 (en) | Malicious website discovery using web analytics identifiers | |
EP3671512B1 (en) | Automated software vulnerability determination | |
WO2021243321A1 (en) | A system and methods for score cybersecurity | |
US11582226B2 (en) | Malicious website discovery using legitimate third party identifiers | |
Lavrenovs et al. | Exploring features of HTTP responses for the classification of devices on the Internet | |
CN113849820A (en) | Vulnerability detection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||