CN110210231A - A kind of safety protecting method, system, equipment and computer readable storage medium - Google Patents
A kind of safety protecting method, system, equipment and computer readable storage medium
- Publication number
- CN110210231A (application CN201910482080.1A)
- Authority
- CN
- China
- Prior art keywords
- url
- splicing
- exception
- white list
- default white
- Prior art date
- Legal status
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computer And Data Communications (AREA)
Abstract
This application discloses a security protection method, system, device and computer-readable storage medium applied to a WAF. The method comprises: obtaining the service URLs of the downlink; obtaining, based on preset rules, the abnormal URLs among the service URLs; judging whether an abnormal URL belongs to a preset whitelist, the preset whitelist including preset safe URL types; intercepting the abnormal URL if it does not belong to the preset whitelist; and letting the abnormal URL pass if it does. With the security protection method provided by this application, the preset whitelist lets the WAF avoid treating safe URLs as abnormal URLs, which reduces the false-alarm rate of identifying and intercepting traversal attacks. The security protection system, device and computer-readable storage medium provided by this application also solve the corresponding technical problem.
Description
Technical field
This application relates to the technical field of information transmission, and more specifically to a security protection method, system, device and computer-readable storage medium.
Background technique
A current WAF (Web Application Firewall, a web application layer intrusion prevention system) handles traversal-type attacks such as directory traversal and SQL (Structured Query Language) injection vulnerability attacks by identifying and intercepting them with low-order or high-order rules.
However, among the URLs that existing methods identify and intercept with low-order or high-order rules, some do not belong to a traversal attack at all; that is, the false-alarm rate of existing methods is high. Once this part of the traffic is filtered out, the client's visibility in search engines can be significantly affected.
In summary, how to reduce the false-alarm rate when identifying and intercepting traversal attacks is a problem that those skilled in the art urgently need to solve.
Summary of the invention
The purpose of this application is to provide a security protection method that can, to some extent, solve the technical problem of reducing the false-alarm rate when identifying and intercepting traversal attacks. This application also provides a security protection system, device and computer-readable storage medium.
To achieve the goals above, the application provides the following technical solutions:
A security protection method applied to a WAF, comprising:
obtaining the service URLs of the downlink;
obtaining, based on preset rules, the abnormal URLs among the service URLs;
judging whether the abnormal URL belongs to a preset whitelist, the preset whitelist including preset safe URL types;
if the abnormal URL does not belong to the preset whitelist, intercepting the abnormal URL; if the abnormal URL belongs to the preset whitelist, letting the abnormal URL pass.
Preferably, judging whether the abnormal URL belongs to the preset whitelist comprises:
judging whether the type of the abnormal URL is directory traversal or SQL injection vulnerability;
if the type of the abnormal URL is directory traversal or SQL injection vulnerability, executing the step of judging whether the abnormal URL belongs to the preset whitelist.
Preferably, before judging whether the abnormal URL belongs to the preset whitelist, the method further comprises:
parsing the tags of the HTML in the HTTP response to obtain a parsing result;
filtering the obtained downlink URLs according to the parsing result to obtain filtered URLs;
intercepting (truncating) the request URL to obtain an intercepted URL;
splicing (concatenating) the intercepted URL and the filtered URL to obtain a spliced URL;
judging whether the spliced URL contains a target word and, if so, adding the spliced URL to the preset whitelist, the target words being the words that cause a spliced URL to be judged a safe spliced URL.
Preferably, intercepting the request URL to obtain the intercepted URL comprises:
when the request URL contains a question mark, locating the first question mark in the request URL;
taking the position of the last slash before the first question mark as the record position;
taking the content from the beginning of the request URL up to the record position as the intercepted URL.
Preferably, intercepting the request URL to obtain the intercepted URL comprises:
when the request URL contains no question mark, taking the position of the last slash in the request URL as the record position;
taking the content from the beginning of the request URL up to the record position as the intercepted URL.
Preferably, judging whether the spliced URL contains a target word comprises:
replacing the backslashes in the spliced URL with forward slashes to obtain a first spliced URL;
judging whether the first spliced URL carries parameters;
if the first spliced URL carries parameters, performing the backtracking process on the content before the first question mark in the first spliced URL to obtain a second spliced URL, and judging whether the second spliced URL contains a target word;
if the first spliced URL carries no parameters, performing the backtracking process on the entire content of the first spliced URL to obtain a third spliced URL, and judging whether the third spliced URL contains a target word;
wherein the backtracking process includes deleting the adjacent parent directory together with the first symbol, replacing double slashes with a single slash, and deleting the second symbol; the first symbol consists of two dots and a slash ("../"); the second symbol consists of one dot and a slash ("./").
Preferably, the target words include directory traversal keywords and SQL injection keywords;
the directory traversal keywords include the percent sign and a third symbol, the third symbol consisting of two dots;
the SQL injection keywords include from and select.
A security protection system applied to a WAF, comprising:
a first obtaining module, for obtaining the service URLs of the downlink;
a first analysis module, for obtaining, based on preset rules, the abnormal URLs among the service URLs;
a first judgement module, for judging whether the abnormal URL belongs to a preset whitelist, the preset whitelist including preset safe URL types;
a first execution module, for intercepting the abnormal URL when it does not belong to the preset whitelist, and letting the abnormal URL pass when it does.
A security protection device, comprising:
a memory, for storing a computer program;
a processor, for implementing the steps of any of the above security protection methods when executing the computer program.
A computer-readable storage medium storing a computer program, the computer program implementing the steps of any of the above security protection methods when executed by a processor.
The security protection method provided by this application is applied to a WAF: it obtains the service URLs of the downlink; analyses the service URLs to obtain the abnormal URLs that satisfy preset rules; judges whether an abnormal URL belongs to a preset whitelist that contains preset safe URL types; intercepts the abnormal URL if it does not belong to the preset whitelist; and lets it pass if it does. In this method the WAF analyses the obtained service URLs for the abnormal URLs that satisfy the preset rules; because the preset rules are rules for deciding whether a service URL is abnormal, the abnormal URLs are exactly the abnormal ones among the service URLs. The WAF then judges whether an abnormal URL belongs to the preset whitelist, intercepting it if not and letting it pass if so. Because the preset whitelist contains preset safe URL types, the abnormal URLs that pass are safe URLs and the intercepted ones are unsafe abnormal URLs; since an abnormal URL may also be a safe URL that the rules misjudged, the preset whitelist prevents safe URLs from being treated as abnormal, which reduces the false-alarm rate of identifying and intercepting traversal attacks. The security protection system, device and computer-readable storage medium provided by this application also solve the corresponding technical problem.
Detailed description of the invention
In order to explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first flowchart of a security protection method provided by the embodiments of this application;
Fig. 2 is a schematic diagram of the construction of the preset whitelist in the embodiments of this application;
Fig. 3 is a structural schematic diagram of a security protection system provided by the embodiments of this application;
Fig. 4 is a structural schematic diagram of a security protection device provided by the embodiments of this application;
Fig. 5 is another structural schematic diagram of a security protection device provided by the embodiments of this application.
Specific embodiment
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of this application without creative effort fall within the protection scope of this application.
Referring to Fig. 1, Fig. 1 is a first flowchart of a security protection method provided by the embodiments of this application.
A security protection method provided by the embodiments of this application is applied to a WAF and may comprise the following steps:
Step S101: obtain the service URLs (uniform resource locators) of the downlink.
In practical application, the WAF first obtains the service URLs of the downlink. The service URLs of the downlink are the URLs the WAF obtains after it receives and responds to a web page request; correspondingly, the URL in the web page request is the uplink URL.
Step S102: based on preset rules, obtain the abnormal URLs among the service URLs.
In practical application, after the service URLs are obtained, the abnormal URLs among them can be obtained based on preset rules, for example by analysing which service URLs satisfy the preset rules. Because the preset rules are rules for deciding whether a service URL is abnormal, this analysis yields the abnormal URLs among the service URLs. In a concrete application scenario, the preset rules may include low-order rules or high-order rules, for example snort rules.
Step S103: judge whether the abnormal URL belongs to a preset whitelist, the preset whitelist including preset safe URL types; if the abnormal URL does not belong to the preset whitelist, execute step S104; if it does, execute step S105.
In practical application, after an abnormal URL is obtained, the preset whitelist can be used to judge whether it is a safe URL. The preset whitelist contains preset safe URL types, and an abnormal URL (one that satisfies the preset rules) may be a genuinely unsafe URL or a safe URL that the rules misjudged; an abnormal URL that matches the preset whitelist is therefore a safe URL misjudged by the preset rules.
Step S104: intercept the abnormal URL.
Step S105: let the abnormal URL pass.
The security protection method provided by this application is applied to a WAF: it obtains the service URLs of the downlink; obtains, based on preset rules, the abnormal URLs among the service URLs; judges whether an abnormal URL belongs to a preset whitelist containing preset safe URL types; intercepts the abnormal URL if it does not belong to the preset whitelist; and lets it pass if it does. The WAF thus obtains the abnormal URLs among the service URLs from the preset rules, then judges whether each abnormal URL belongs to the preset whitelist, intercepting it if not and letting it pass if so. Because the preset whitelist contains preset safe URL types, the abnormal URLs that pass are safe URLs and the intercepted ones are unsafe abnormal URLs; an abnormal URL may also be a misjudged safe URL, and the preset whitelist prevents safe URLs from being treated as abnormal, which reduces the false-alarm rate of identifying and intercepting traversal attacks.
In practical application, because traversal attacks are diverse, performing the above steps for every kind of traversal attack would consume more judgement time while improving accuracy only slightly. To keep the judgement time as short as possible while preserving accuracy, the above processing can be applied only to the directory traversal type and the SQL injection vulnerability type, which have the higher false-positive rates. The process of judging whether an abnormal URL belongs to the preset whitelist can then be: judge whether the type of the abnormal URL is directory traversal or SQL injection vulnerability; if so, execute the step of judging whether the abnormal URL belongs to the preset whitelist.
Referring to Fig. 2, Fig. 2 is a schematic diagram of the construction of the preset whitelist in the embodiments of this application.
In practical application, the preset whitelist can be constructed in many ways. In this application, in order to construct the whitelist quickly and guarantee its accuracy, the preset whitelist can be constructed by the following steps before judging whether an abnormal URL belongs to it:
Step S201: perform tag parsing on the HTML (Hypertext Markup Language) in the HTTP (Hypertext Transfer Protocol) response to obtain a parsing result.
In practical application, the HTML in the HTTP response is first parsed by tag; the resulting parsing result is described in Table 1.
Table 1: HTML tag parsing result
Step S202: filter the obtained downlink URLs according to the parsing result to obtain the filtered URLs.
In practical application, the downlink URLs containing relative directories can be filtered according to the parsing result to obtain the filtered URLs; for example, the downlink URLs can be filtered by the domain-name information in the parsing result, keeping the filtered URLs that satisfy the corresponding domain-name requirement. The downlink URLs are the URLs belonging to the HTTP response. Other filtering methods are of course possible; this application does not specifically limit them.
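As an added illustration of steps S201 and S202 (example code written for this page, not code from the patent), the following Python uses the standard-library HTMLParser to collect the link-bearing attributes of the response HTML and then keeps only the URLs that belong to the site's own host. The sample HTML, the site host value, the set of tags inspected and the choice to keep relative links while dropping links to other hosts are all assumptions; the patent's Table 1 is not reproduced on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTTP response body (not from the patent). It mixes
# same-site links, relative links and links to other hosts.
SAMPLE_HTML = """
<html><body>
<a href="/product/price/index.html">prices</a>
<a href="../archive/2018/index.html">archive</a>
<a href="index.html?vid=/var/../ac/./cja.js">video</a>
<a href="http://example.com/product/docs/a.pdf">docs</a>
<a href="http://other.example.net/spam">external</a>
<img src="/static/logo.png">
<script src="//cdn.example.net/x.js"></script>
</body></html>
"""

SITE_HOST = "example.com"  # assumed host of the protected site


class LinkExtractor(HTMLParser):
    """Step S201: record (tag, attribute, value) for attributes that carry URLs."""

    # Assumed tag -> attribute mapping; the patent's Table 1 is not on this page.
    LINK_ATTRS = {"a": "href", "img": "src", "script": "src",
                  "link": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = self.LINK_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.links.append((tag, name, value))


def parse_tags(html):
    """Return the parsing result: every link-bearing attribute in document order."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    return parser.links


def filter_downlink_urls(links, site_host):
    """Step S202 (assumed reading): keep same-host and relative URLs,
    drop URLs pointing at any other host; return path plus query only."""
    kept = []
    for _tag, _attr, url in links:
        parsed = urlparse(url)
        if parsed.netloc and parsed.netloc != site_host:
            continue  # link to another domain: not a downlink URL of this site
        kept.append(parsed.path + ("?" + parsed.query if parsed.query else ""))
    return kept


if __name__ == "__main__":
    for url in filter_downlink_urls(parse_tags(SAMPLE_HTML), SITE_HOST):
        print(url)
```

The filtered list keeps the relative links (the ones that will later contain `..` after splicing and so need the whitelist) and discards the external host and the protocol-relative CDN link; a scheme-less link such as `//cdn.example.net/x.js` still carries a host in `urlparse`, so it is treated as external.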
Step S203: intercept the request URL to obtain the intercepted URL.
In practical application, the request URL is the URL with request effect that the WAF receives; how the request URL is intercepted can be decided according to the concrete application scenario. Note that the request URL in this application can be the URL that the user submits to the WAF, while the downlink URLs are the URLs the WAF obtains after performing the corresponding retrieval and other processing on the received request URL. The relationship between the downlink URLs and the service URLs can be decided flexibly according to actual needs: the downlink URLs can be identical to the service URLs, or the downlink URLs can comprise the service URLs together with other URLs.
In a concrete application scenario, when the request URL contains a question mark, the first question mark in the request URL is located, the position of the last slash before that question mark is taken as the record position, and the content from the beginning of the request URL up to the record position is the intercepted URL. Assuming the request URL is /product/price/index.html?ads=/adb/it-yun.html, the intercepted URL is /product/price/.
In a concrete application scenario, when the request URL contains no question mark, the position of the last slash in the request URL is taken as the record position, and the content from the beginning of the request URL up to the record position is the intercepted URL. Assuming the request URL is /product/price/it-yun.html, the intercepted URL is /product/price/.
Step S204: splice the intercepted URL and the filtered URL to obtain the spliced URL.
In practical application, after the filtered URL and the intercepted URL are obtained, they can be spliced to obtain the spliced URL. In a concrete application scenario, the splicing order is the intercepted URL first and the filtered URL after it.
Step S205: judge whether the spliced URL contains a target word; if so, execute step S206.
Step S206: add the spliced URL to the preset whitelist. The target words are the words that cause a spliced URL to be judged a safe spliced URL.
In practical application, the target words are the words that cause a spliced URL to be judged a safe spliced URL, and a safe spliced URL is a spliced URL whose type is safe; that is, a spliced URL that contains a target word is judged to be a safe spliced URL.
In a concrete application scenario, judging whether the spliced URL contains a target word can proceed as follows: replace the backslashes in the spliced URL with forward slashes to obtain a first spliced URL; judge whether the first spliced URL carries parameters; if it does, perform the backtracking process on the content before the first question mark in the first spliced URL to obtain a second spliced URL, and judge whether the second spliced URL contains a target word; if it does not, perform the backtracking process on the entire content of the first spliced URL to obtain a third spliced URL, and judge whether the third spliced URL contains a target word. The backtracking process includes deleting the adjacent parent directory together with the first symbol, replacing double slashes with a single slash, and deleting the second symbol; the first symbol consists of two dots and a slash ("../"); the second symbol consists of one dot and a slash ("./"). With a first spliced URL that carries parameters, /a/b/../index.html?vid=/var/../ac/./cja.js, the corresponding second spliced URL is /a/index.html?vid=/var/../ac/./cja.js; with a first spliced URL without parameters, /product/price/nice/ab/../ac/ad/./../index.html, the corresponding third spliced URL is /product/price/nice/ac/index.html.
In practical application, the target words may include directory traversal keywords and SQL injection keywords; the directory traversal keywords may include the percent sign and a third symbol consisting of two dots; the SQL injection keywords may include from and select.
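The following Python, added here as an illustration and not taken from the patent, carries steps S203 to S206 (interception, splicing, the backtracking process, the target-word test and whitelist insertion) through on the page's own example URLs, and then applies the decision of steps S102 to S105 to a few constructed service URLs. The preset rules are simplified stand-ins (constructed regular expressions, not snort rules), the sample request/filtered URL pairs and service URLs are constructed, and three details the page leaves open are assumptions: whitelist entries are stored and looked up in normalised form, target words are matched as case-insensitive substrings, and a `..` that has no parent directory to consume is left in place.

```python
import re

# Target words named by the page: "%" and ".." for directory traversal,
# "from" and "select" for SQL injection.
TARGET_WORDS = ("%", "..", "from", "select")

# Constructed simplified stand-ins for the WAF's low/high-order rules.
PRESET_RULES = [re.compile(p, re.IGNORECASE)
                for p in (r"\.\./", r"%2e", r"select.*from")]

# "dir/../" where dir is a real segment (not "." or ".."), preceded by "/" or start.
_PARENT_REF = re.compile(r"(?<![^/])(?!\.\.?/)[^/]+/\.\./")
_DOT_SEG = re.compile(r"(^|/)\./")


def truncate_request_url(request_url):
    """Step S203: keep the request URL up to and including the last '/'
    before the first '?' (or the last '/' overall when there is no '?')."""
    q = request_url.find("?")
    head = request_url if q < 0 else request_url[:q]
    last_slash = head.rfind("/")
    if last_slash < 0:
        return ""  # assumption: no directory part, nothing to keep
    return request_url[:last_slash + 1]


def splice(intercepted_url, filtered_url):
    """Step S204: intercepted URL first, filtered URL after it."""
    return intercepted_url + filtered_url


def backtrack(path):
    """The page's backtracking process: collapse '//', drop './', drop a
    parent directory together with its '../'. Repeats until stable; a '..'
    with no parent to consume stays, so it is still a target word later."""
    prev = None
    while prev != path:
        prev = path
        path = path.replace("//", "/")
        path = _DOT_SEG.sub(r"\1", path)
        path = _PARENT_REF.sub("", path, count=1)
    return path


def normalize_spliced(spliced_url):
    """Step S205 preparation: backslash to slash, then backtrack only the
    part before the first '?' when parameters are present."""
    first = spliced_url.replace("\\", "/")
    q = first.find("?")
    if q >= 0:
        return backtrack(first[:q]) + first[q:]
    return backtrack(first)


def contains_target_word(url):
    """Assumption: case-insensitive substring match of the target words."""
    low = url.lower()
    return any(w in low for w in TARGET_WORDS)


def build_whitelist(pairs):
    """Steps S203-S206 over (request URL, filtered URL) pairs taken from the
    site's own pages; entries are stored normalised (assumption)."""
    whitelist = set()
    for request_url, filtered_url in pairs:
        normalized = normalize_spliced(splice(truncate_request_url(request_url), filtered_url))
        if contains_target_word(normalized):
            whitelist.add(normalized)
    return whitelist


def find_abnormal(service_urls):
    """Step S102: service URLs that satisfy any preset rule."""
    return [u for u in service_urls if any(r.search(u) for r in PRESET_RULES)]


def decide(abnormal_url, whitelist):
    """Steps S103-S105: a whitelisted abnormal URL passes, any other is intercepted."""
    return "pass" if normalize_spliced(abnormal_url) in whitelist else "intercept"


# Constructed: (request URL that produced a page, link found in that page).
SAMPLE_PAIRS = [
    ("/product/price/index.html?ads=/adb/it-yun.html", "../archive/2018/index.html"),
    ("/a/b/c.html", "../index.html?vid=/var/../ac/./cja.js"),
    ("/search/index.html", "results.html?q=select%20*%20from%20t"),
]

# Constructed downlink service URLs seen later by the WAF.
SAMPLE_SERVICE_URLS = [
    "/product/price/index.html",
    "/a/index.html?vid=/var/../ac/./cja.js",
    "/download?f=../../private.txt",
    "/search/results.html?q=select%20*%20from%20t",
]


def run_demo():
    """Build the whitelist, then classify every abnormal service URL."""
    whitelist = build_whitelist(SAMPLE_PAIRS)
    return {u: decide(u, whitelist) for u in find_abnormal(SAMPLE_SERVICE_URLS)}


if __name__ == "__main__":
    for url, verdict in run_demo().items():
        print(f"{verdict:9s} {url}")
```

Of the three constructed pairs, the first normalises to a clean path and is not whitelisted, while the other two still contain a target word after backtracking and are; the traversal attempt in the service URLs matches a preset rule, is absent from the whitelist and is intercepted, whereas the two site-generated URLs that also match the rules pass. Deciding on the normalised form on both sides is what makes the lookup robust to `./`, `//` and backslash variations of the same URL.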
This application also provides a security protection system that has the effect corresponding to the security protection method provided by the embodiments of this application. Referring to Fig. 3, Fig. 3 is a structural schematic diagram of a security protection system provided by the embodiments of this application.
A security protection system provided by the embodiments of this application is applied to a WAF and may comprise:
a first obtaining module 101, for obtaining the service URLs of the downlink;
a first analysis module 102, for obtaining, based on preset rules, the abnormal URLs among the service URLs;
a first judgement module 103, for judging whether the abnormal URL belongs to a preset whitelist, the preset whitelist including preset safe URL types;
a first execution module 104, for intercepting the abnormal URL when it does not belong to the preset whitelist, and letting the abnormal URL pass when it does.
In a security protection system provided by the embodiments of this application, applied to a WAF, the first judgement module may comprise:
a first judgement unit, for judging whether the type of the abnormal URL is directory traversal or SQL injection vulnerability and, if so, prompting the first judgement module to execute the step of judging whether the abnormal URL belongs to the preset whitelist.
A security protection system provided by the embodiments of this application, applied to a WAF, may further comprise:
a first parsing module, for parsing the tags of the HTML in the HTTP response to obtain a parsing result before the first judgement module judges whether the abnormal URL belongs to the preset whitelist;
a first filtering module, for filtering the obtained downlink URLs according to the parsing result to obtain the filtered URLs;
a first interception module, for intercepting the request URL to obtain the intercepted URL;
a first splicing module, for splicing the intercepted URL and the filtered URL to obtain the spliced URL;
a second judgement module, for judging whether the spliced URL contains a target word and, if so, adding the spliced URL to the preset whitelist, the target words being the words that cause a spliced URL to be judged a safe spliced URL.
In a security protection system provided by the embodiments of this application, applied to a WAF, the first interception module may comprise:
a first determination unit, for locating the first question mark in the request URL when the request URL contains a question mark;
a second determination unit, for taking the position of the last slash before the first question mark as the record position;
a first interception unit, for taking the content from the beginning of the request URL up to the record position as the intercepted URL.
In a security protection system provided by the embodiments of this application, applied to a WAF, the first interception module may comprise:
a third determination unit, for taking the position of the last slash in the request URL as the record position when the request URL contains no question mark;
a second interception unit, for taking the content from the beginning of the request URL up to the record position as the intercepted URL.
In a security protection system provided by the embodiments of this application, applied to a WAF, the second judgement module may comprise:
a first replacement unit, for replacing the backslashes in the spliced URL with forward slashes to obtain a first spliced URL;
a second judgement unit, for judging whether the first spliced URL carries parameters;
a first execution unit, for performing, when the first spliced URL carries parameters, the backtracking process on the content before the first question mark in the first spliced URL to obtain a second spliced URL, and judging whether the second spliced URL contains a target word;
a second execution unit, for performing, when the first spliced URL carries no parameters, the backtracking process on the entire content of the first spliced URL to obtain a third spliced URL, and judging whether the third spliced URL contains a target word;
wherein the backtracking process includes deleting the adjacent parent directory together with the first symbol, replacing double slashes with a single slash, and deleting the second symbol; the first symbol consists of two dots and a slash ("../"); the second symbol consists of one dot and a slash ("./").
In a security protection system provided by the embodiments of this application, applied to a WAF, the target words include directory traversal keywords and SQL injection keywords; the directory traversal keywords include the percent sign and a third symbol, the third symbol consisting of two dots; the SQL injection keywords include from and select.
This application also provides a security protection device and a computer-readable storage medium, both of which have the effect corresponding to the security protection method provided by the embodiments of this application. Referring to Fig. 4, Fig. 4 is a structural schematic diagram of a security protection device provided by the embodiments of this application.
A security protection device provided by the embodiments of this application comprises a memory 201 and a processor 202; a computer program is stored in the memory, and the processor implements the following steps when executing the computer program stored in the memory:
obtain the service URLs of the downlink;
based on preset rules, obtain the abnormal URLs among the service URLs;
judge whether the abnormal URL belongs to a preset whitelist, the preset whitelist including preset safe URL types;
if the abnormal URL does not belong to the preset whitelist, intercept the abnormal URL; if it does, let the abnormal URL pass.
A kind of safety protection equipment provided by the embodiments of the present application, including memory and processor are stored in memory
Computer subprogram, processor are implemented as follows step when executing the computer subprogram stored in memory: judgement is abnormal
Whether the type of URL belongs to directory traversal or SQL injection loophole;If the type of exception URL belongs to target traversal or SQL injection leakage
Hole then executes and the step of whether exception URL belongs to default white list is judged.
A kind of safety protection equipment provided by the embodiments of the present application, including memory and processor are stored in memory
Computer subprogram, processor are implemented as follows step when executing the computer subprogram stored in memory: judgement is abnormal
Whether URL belongs to before default white list, carries out tag resolution to the HTML in http response, obtains parsing result;According to solution
Analysis obtains filtering URL as a result, be filtered to obtained downlink URL;Request URL is intercepted, interception URL is obtained;It will cut
It takes URL and filtering URL to be spliced, obtains splicing URL;Judge to splice whether URL includes target word, if so, URL will be spliced
It is added in default white list, target word includes that will splice the word that URL is judged to splicing safely URL.
A kind of safety protection equipment provided by the embodiments of the present application, including memory and processor are stored in memory
Computer subprogram, processor are implemented as follows step when executing the computer subprogram stored in memory: working as request URL
In there are first question marks when question mark, determined in request URL;The position of the last one slash before first question mark is true
It is set to record position;Beginning in intercept requests URL intercepts URL to the content between record position.
A kind of safety protection equipment provided by the embodiments of the present application, including memory and processor are stored in memory
Computer subprogram, processor are implemented as follows step when executing the computer subprogram stored in memory: working as request URL
In when there is no question mark, the position of the last one slash in request URL is determined as record position;Beginning in intercept requests URL
It is interception URL to the content between record position.
A safety protection device provided by an embodiment of the present application includes a memory and a processor. A computer program is stored in the memory, and when the processor executes the computer program stored in the memory it implements the following steps: the backslashes in the splicing URL are replaced with forward slashes to obtain a first splicing URL; whether the first splicing URL carries parameters is judged; if the first splicing URL carries parameters, backtracking processing is performed on the content before the first question mark in the first splicing URL to obtain a second splicing URL, and whether the second splicing URL includes a target word is judged; if the first splicing URL carries no parameters, backtracking processing is performed on the full content of the first splicing URL to obtain a third splicing URL, and whether the third splicing URL includes a target word is judged. The backtracking processing includes deleting an adjacent upper-level directory together with a first symbol, replacing double slashes with a single slash, and deleting a second symbol; the first symbol consists of two dots and a slash ("../"), and the second symbol consists of one dot and a slash ("./").
In a safety protection device provided by an embodiment of the present application, the target words include directory traversal keywords and SQL injection keywords; the directory traversal keywords include the percent symbol and a third symbol, the third symbol consisting of two dots; and the SQL injection keywords include from and select.
Referring to Fig. 5, another safety protection device provided by an embodiment of the present application may further include: an input port 203 connected to the processor 202, for transmitting externally input commands to the processor 202; a display unit 204 connected to the processor 202, for displaying the processing results of the processor 202 to the outside; and a communication module 205 connected to the processor 202, for communication between the safety protection device and the outside. The display unit 204 may be a display panel, a laser-scanning display or the like. The communication modes used by the communication module 205 include, but are not limited to, Mobile High-Definition Link (HML), Universal Serial Bus (USB), High-Definition Multimedia Interface (HDMI), and wireless connections: Wireless Fidelity (WiFi), Bluetooth, Bluetooth Low Energy, and communication based on IEEE 802.11s.
A computer readable storage medium provided by an embodiment of the present application stores a computer program which, when executed by a processor, implements the steps of the safety protection method described in any of the embodiments above.
The computer readable storage medium involved in the present application includes random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disks, removable disks, CD-ROM, or any other form of storage medium well known in the technical field.
For the explanation of the relevant parts of the security protection system, device and computer readable storage medium provided by the embodiments of the present application, refer to the detailed description of the corresponding parts of the safety protection method provided by the embodiments of the present application; it is not repeated here. In addition, those parts of the above technical solutions provided by the embodiments of the present application whose implementation principle is consistent with that of the corresponding technical solutions in the prior art are not described in detail, in order to avoid excessive repetition.
It should also be noted that, herein, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, without necessarily requiring or implying any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device including a series of elements includes not only those elements but also other elements not explicitly listed, or further includes elements intrinsic to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A safety protection method, characterized in that it is applied to a WAF and comprises:
obtaining service URLs of the downlink;
based on preset rules, obtaining an exception URL among the service URLs;
judging whether the exception URL belongs to a default white list, the default white list including preset safe URL types;
if the exception URL does not belong to the default white list, intercepting the exception URL; if the exception URL belongs to the default white list, letting the exception URL pass.
2. The method according to claim 1, characterized in that said judging whether the exception URL belongs to a default white list comprises:
judging whether the type of the exception URL belongs to a directory traversal or SQL injection vulnerability;
if the type of the exception URL belongs to the directory traversal or SQL injection vulnerability, executing the step of judging whether the exception URL belongs to the default white list.
3. The method according to claim 1 or 2, characterized in that, before said judging whether the exception URL belongs to a default white list, the method further comprises:
performing tag parsing on the HTML in the HTTP response to obtain a parsing result;
filtering the obtained downlink URLs according to the parsing result to obtain a filtering URL;
intercepting the request URL to obtain an interception URL;
splicing the interception URL and the filtering URL to obtain a splicing URL;
judging whether the splicing URL includes a target word, and if so, adding the splicing URL to the default white list, the target word including the words by which a splicing URL is judged to be a safe splicing URL.
4. The method according to claim 3, characterized in that said intercepting the request URL to obtain an interception URL comprises:
when there is a question mark in the request URL, determining the first question mark in the request URL;
determining the position of the last slash before the first question mark as the record position;
intercepting the content from the beginning of the request URL to the record position as the interception URL.
5. The method according to claim 3, characterized in that said intercepting the request URL to obtain an interception URL comprises:
when there is no question mark in the request URL, determining the position of the last slash in the request URL as the record position;
intercepting the content from the beginning of the request URL to the record position as the interception URL.
6. The method according to claim 3, characterized in that said judging whether the splicing URL includes a target word comprises:
replacing the backslashes in the splicing URL with forward slashes to obtain a first splicing URL;
judging whether the first splicing URL carries parameters;
if the first splicing URL carries parameters, performing backtracking processing on the content before the first question mark in the first splicing URL to obtain a second splicing URL, and judging whether the second splicing URL includes a target word;
if the first splicing URL carries no parameters, performing backtracking processing on the full content of the first splicing URL to obtain a third splicing URL, and judging whether the third splicing URL includes a target word;
wherein the backtracking processing includes deleting an adjacent upper-level directory together with a first symbol, replacing double slashes with a single slash, and deleting a second symbol; the first symbol consists of two dots and a slash; the second symbol consists of one dot and a slash.
7. The method according to claim 3, characterized in that the target words include directory traversal keywords and SQL injection keywords;
the directory traversal keywords include the percent symbol and a third symbol, the third symbol consisting of two dots;
the SQL injection keywords include from and select.
8. A security protection system, characterized in that it is applied to a WAF and comprises:
a first obtaining module, for obtaining service URLs of the downlink;
a first analysis module, for obtaining an exception URL among the service URLs based on preset rules;
a first judgment module, for judging whether the exception URL belongs to a default white list, the default white list including preset safe URL types;
a first execution module, for intercepting the exception URL when the exception URL does not belong to the default white list, and letting the exception URL pass when it belongs to the default white list.
9. A safety protection device, characterized by comprising:
a memory, for storing a computer program;
a processor, for implementing the steps of the safety protection method according to any one of claims 1 to 7 when executing the computer program.
10. A computer readable storage medium, characterized in that a computer program is stored in the computer readable storage medium, and the computer program, when executed by a processor, implements the steps of the safety protection method according to any one of claims 1 to 7.
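The white-list building pipeline of the device embodiments above and of claims 3 to 7 (interception of the request URL, splicing, backslash replacement, backtracking and the target-word check), as an added Python example that is not the patent's own code: function names, the sample request and the sample link values are assumptions, HTML tag parsing is taken as already done, and the handling of absolute links and of the scheme://host prefix is my choice.

```python
"""Added example (not the patent's own code): builds WAF white-list entries from
the downlink URLs of an HTTP response, following the embodiments above and claims
3 to 7. Names and sample data are assumptions; HTML tag parsing is assumed done."""
import re

# Target words of claim 7: directory-traversal and SQL-injection keywords.
TARGET_WORDS = ("%", "..", "from", "select")
_ORIGIN = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://[^/?#]*")


def intercept_request_url(request_url: str) -> str:
    """Claims 4 and 5: the start of the request URL up to the last slash before
    the first '?' (or the last slash overall). Assumption: that slash is kept."""
    head = request_url.split("?", 1)[0]
    cut = head.rfind("/")
    return request_url[:cut + 1] if cut >= 0 else request_url

def backtrack(path: str) -> str:
    """Backtracking of claim 6: '//' -> '/', delete './', and delete an adjacent
    parent directory together with the '../' after it, until nothing changes."""
    path = re.sub(r"//+", "/", path)
    path = re.sub(r"(^|/)\./", r"\1", path)
    parent = re.compile(r"(^|/)(?!\.\./)[^/]+/\.\./")
    while True:
        reduced = parent.sub(r"\1", path)
        if reduced == path:
            return path
        path = reduced

def normalize_spliced_url(spliced_url: str) -> str:
    """Claim 6: backslashes to forward slashes, then backtracking of the content
    before the first '?' (query kept) or of the whole URL; scheme://host is excluded."""
    first = spliced_url.replace("\\", "/")
    m = _ORIGIN.match(first)
    origin, rest = (first[:m.end()], first[m.end():]) if m else ("", first)
    if "?" in rest:
        before, query = rest.split("?", 1)
        return origin + backtrack(before) + "?" + query
    return origin + backtrack(rest)

def contains_target_word(url: str) -> bool:
    # Substring check, as the embodiments describe (so "/fromage" also matches).
    return any(word in url.lower() for word in TARGET_WORDS)

def build_whitelist(request_url: str, filtered_urls) -> set:
    """Splices each filtered URL onto the intercepted request URL and returns those
    whose normalized form contains a target word: links the server itself served,
    which the WAF must not block, so they go into the default white list."""
    intercept = intercept_request_url(request_url)
    whitelist = set()
    for filtered in filtered_urls:
        # Absolute links need no splicing (assumption; the page covers relative ones).
        spliced = filtered if _ORIGIN.match(filtered) else intercept + filtered
        if contains_target_word(normalize_spliced_url(spliced)):
            whitelist.add(spliced)
    return whitelist


# Constructed sample: href/src values taken from a catalogue page of a fictitious shop.
SAMPLE_REQUEST = "http://shop.example.test/catalog/list?page=2"
SAMPLE_FILTERED = ["../static/img/logo%20v2.png", "report?sql=select+name+from+items",
                   "item\\42.html", ".//about.html"]

if __name__ == "__main__":
    for entry in sorted(build_whitelist(SAMPLE_REQUEST, SAMPLE_FILTERED)):
        print(entry)
```

Of the four sample links, only the two containing a target word after normalization ("%" in the image path, "select"/"from" in the report query) are white-listed; the backslash and "./" links normalize to plain paths and are left alone.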
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910482080.1A CN110210231B (en) | 2019-06-04 | 2019-06-04 | Security protection method, system, equipment and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110210231A true CN110210231A (en) | 2019-09-06 |
CN110210231B CN110210231B (en) | 2023-07-14 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB03 | Change of inventor or designer information | Inventor after: Wei Kaizhi, Hu Wenguang; Inventor before: Wei Kaizhi |
GR01 | Patent grant | |