CN111970303B - Business site mode switching method and device and computer readable storage medium - Google Patents

Business site mode switching method and device and computer readable storage medium Download PDF

Info

Publication number
CN111970303B
CN111970303B CN202010888514.0A CN202010888514A CN111970303B CN 111970303 B CN111970303 B CN 111970303B CN 202010888514 A CN202010888514 A CN 202010888514A CN 111970303 B CN111970303 B CN 111970303B
Authority
CN
China
Prior art keywords
service
access
switching
mode
access log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010888514.0A
Other languages
Chinese (zh)
Other versions
CN111970303A (en
Inventor
吴磊
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN202010888514.0A priority Critical patent/CN111970303B/en
Publication of CN111970303A publication Critical patent/CN111970303A/en
Application granted granted Critical
Publication of CN111970303B publication Critical patent/CN111970303B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a method, a device and a medium for switching a mode of a service site, which are used for switching a web application firewall to an agent mode and adding a service site needing to be protected in the web application firewall. And acquiring access logs corresponding to the service sites. When the number of the service access failures in the target access log meets the preset condition, it is indicated that the web application firewall affects the operation stability of the service site, and at this time, the service site corresponding to the target access log can be switched to a bridge direct-through mode. By monitoring the access logs of each service site, when the number of failed service access logs meets the target access log of the preset condition, the operation mode of the service site corresponding to the target access log is changed in time, so that the stable accessibility of the service site is ensured, and the problems of site service blockage or unstable access caused by the failure of a web application firewall agent are effectively avoided.

Description

Business site mode switching method and device and computer readable storage medium
Technical Field
The invention relates to the technical field of web application firewalls, in particular to a method and a device for switching business site modes and a computer readable storage medium.
Background
With the continuous updating and development of network technology, each large company sets up a company portal or develops a trading platform website, an APP and the like through a development website.
Because the development standards and specifications are not specified in the application layer at present, the thinking and safety awareness of developers are low, and some websites or APPs are developed only to realize the current functions. The problems of compatibility and stability of some proxy software are not well solved, so that when a web application firewall protects the security of an application server, the phenomenon that part of services cannot be normally accessed or are unstable in the access process occurs after the services are processed by using a proxy mode, and serious influence is caused to a client.
Therefore, how to improve the service stability of the application server is a problem to be solved by those skilled in the art.
Disclosure of Invention
Embodiments of the present invention provide a method and an apparatus for switching a service site mode, and a computer-readable storage medium, which can improve service stability of an application server.
To solve the foregoing technical problem, an embodiment of the present invention provides a method for switching a service site mode, including:
switching a web application firewall to an agent mode, and adding a service site needing to be protected in the web application firewall;
acquiring access logs corresponding to the service sites respectively; each access log comprises business access records when the web application firewall provides proxy service;
when the number of service access failures in the target access log meets a preset condition, switching the service site corresponding to the target access log to a bridge direct-through mode; the target access log is any one of all the access logs.
Optionally, when the number of service access failures in the target access log meets a preset condition, switching the service site corresponding to the target access log to a bridge pass-through mode includes:
counting the total number of service access records and the number of service access failures in a target access log in a preset time period;
judging whether the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold value or not;
and when the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold value, switching the service site corresponding to the target access log to a bridge direct mode.
Optionally, when the number of service access failures in the target access log meets a preset condition, switching the service site corresponding to the target access log to a bridge pass-through mode includes:
judging whether the ratio of the number of the service access failures of the target access log under each level to the total number of the service access records exceeds a preset threshold value; wherein, each hierarchy has a corresponding service access record total number;
and when the ratio of the number of the service access failures at each level to the total number of the service access records exceeds a preset threshold value, switching the service site corresponding to the target access log to a bridge direct mode.
Optionally, when the number of service access failures in the target access log meets a preset condition, after the service site corresponding to the target access log is switched to the bridge direct mode, the method further includes:
and displaying prompt information that the service of the business site corresponding to the web application firewall and the target access log is incompatible.
Optionally, when the number of service access failures in the target access log meets a preset condition, after the service site corresponding to the target access log is switched to the bridge direct mode, the method further includes:
counting the number of service sites switched to a bridge direct mode;
judging whether the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value or not;
and when the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value, performing alarm prompt.
The embodiment of the invention also provides a service site mode switching device, which comprises a first switching unit, an adding unit, an acquiring unit and a second switching unit;
the first switching unit is used for switching the web application firewall to a proxy mode;
the adding unit is used for adding a service site needing to be protected in the web application firewall;
the acquiring unit is used for acquiring access logs corresponding to the service sites; each access log comprises business access records when the web application firewall provides proxy service;
the second switching unit is used for switching the service site corresponding to the target access log to a bridge direct-through mode when the number of service access failures in the target access log meets a preset condition; wherein the target access log is any one of all the access logs.
Optionally, the second switching unit includes a statistics subunit, a judgment subunit, and an execution subunit;
the counting subunit is used for counting the total number of the service access records and the number of service access failures in the target access log within a preset time period;
the judging subunit is configured to judge whether a ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold;
and the execution subunit is configured to switch the service site corresponding to the target access log to a bridge cut-through mode when a ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold.
Optionally, the second switching unit is specifically configured to determine whether the ratio of the number of service access failures of the target access log at each level to the total number of service access records exceeds a preset threshold; wherein, each hierarchy has a corresponding service access record total number; and when the ratio of the number of the service access failures at each level to the total number of the service access records exceeds a preset threshold value, switching the service site corresponding to the target access log to a bridge direct mode.
Optionally, the device further comprises a display unit;
the display unit is configured to display prompt information that the web application firewall is incompatible with the service of the service site corresponding to the target access log after the service site corresponding to the target access log is switched to a bridge direct mode when the number of service access failures in the target access log meets a preset condition.
Optionally, the system further comprises a statistical unit, a judging unit and a prompting unit;
the statistical unit is used for counting the number of the service sites switched to the bridge direct mode;
the judging unit is used for judging whether the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value;
and the prompting unit is used for giving an alarm when the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value.
The embodiment of the present invention further provides a service site mode switching device, including:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of any of the above-mentioned service site mode switching methods.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the service site mode switching method are implemented as any one of the above.
According to the technical scheme, the web application firewall is switched to the proxy mode, and the service site needing protection is added into the web application firewall. In order to know the service access situation of the web application firewall agent service site during service provision, the access log corresponding to each service site can be obtained. The processing mode of each access log is similar, taking any one of the access logs, namely a target access log, as an example, when the number of service access failures in the target access log meets a preset condition, it indicates that the web application firewall affects the operation stability of the service site, and at this time, the service site corresponding to the target access log can be switched to a bridge pass-through mode. By monitoring the access logs of each service site, when the number of failed service access logs meets the target access log of the preset condition, the operation mode of the service site corresponding to the target access log is changed in time, so that the service stability and accessibility of the service site are ensured, and the problems of site service unavailability or access instability caused by the failure of a web application firewall agent are effectively avoided.
Drawings
In order to illustrate the embodiments of the present invention more clearly, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of a service site mode switching method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a service site mode switching apparatus according to an embodiment of the present invention;
fig. 3 is a schematic hardware structure diagram of a service site mode switching apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without any creative work belong to the protection scope of the present invention.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Next, a method for switching a service site mode according to an embodiment of the present invention is described in detail. Fig. 1 is a flowchart of a service site mode switching method according to an embodiment of the present invention, where the method includes:
s101: and switching the web application firewall to a proxy mode, and adding a service site needing protection in the web application firewall.
The web application firewall may proxy the service site in proxy mode.
The Web Application Firewall only protects the service site added to the Web Application Firewall (WAF). Therefore, in practical applications, a service site that needs to be protected can be added to the web application firewall, which can then proxy the service site to provide services in proxy mode.
S102: and acquiring access logs corresponding to the service sites respectively.
In the embodiment of the invention, the access log can be generated by the waf proxy engine by accessing the service site needing to be protected. The access log may be recorded in an access _ input directory, and in practical application, the access log corresponding to each service site may be directly obtained from the access _ input directory.
Wherein, each access log comprises the business access record when the web application firewall provides the proxy service.
S103: and when the number of the service access failures in the target access log meets a preset condition, switching the service site corresponding to the target access log to a bridge direct-through mode.
Each service site has its corresponding access log, and each access log is processed in a similar manner, so in the embodiment of the present invention, an introduction may be developed by taking any one of all access logs, that is, a target access log, as an example.
The number of failed business accesses reflects the stability of the proxy service provided by the web application firewall. In the embodiment of the invention, various ways for evaluating the stability of the proxy service provided by the web application firewall can be provided depending on the number of service access failures in the target access log.
A feasible implementation mode can count the total number of service access records and the number of service access failures in a target access log within a preset time period; and judging whether the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold value or not.
And when the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold value, switching the service site corresponding to the target access log to a bridge direct-through mode.
The value of the preset time period and the value of the preset threshold can be set according to actual requirements, for example, the preset time period can be set to 100 seconds, and the preset threshold can be set to 30%.
Taking the preset time period as 100 seconds as an example, in practical application, the total number of service access records and the number of service access failures in the target access log may be counted every 100 seconds. Assuming that the total number of service access records in the target access log is 200, the number of service access failures is 80, and 80/200 is 40%, and 40% > 30% in 100 seconds, at this time, the service site corresponding to the target access log may be switched to the bridge direct mode.
In another feasible implementation manner, whether the ratio of the number of service access failure pieces of the target access log at each level to the total number of service access records exceeds a preset threshold value or not can be judged; wherein each level has a total number of service access records corresponding to it. And when the ratio of the number of the service access failures at each level to the total number of the service access records exceeds a preset threshold, switching the service site corresponding to the target access log to a bridge direct mode.
For example, 4 levels may be set, and the total number of service access records corresponding to the 4 levels may be set to 10, 50, 100, and 200 in sequence. Taking the preset threshold as 30% as an example, in practical application, 10 service access records may be obtained, and it is calculated whether the number of access failures in the 10 service access records exceeds 10 × 30% — 3, and so on, 50 service access records may be obtained, and it is calculated whether the number of access failures in the 50 service access records exceeds 50 × 30% — 15. And when the ratio of the number of the service access failures to the total number of the service access records in the 4 levels exceeds a preset threshold value, switching the service site corresponding to the target access log to a bridge direct mode.
According to the technical scheme, the web application firewall is switched to the proxy mode, and the service site needing to be protected is added into the web application firewall. In order to know service access conditions during service provision of the web application firewall proxy service site, access logs corresponding to the service sites can be obtained. The processing mode of each access log is similar, taking any one of the access logs, namely a target access log, as an example, when the number of service access failures in the target access log meets a preset condition, it indicates that the web application firewall affects the operation stability of the service site, and at this time, the service site corresponding to the target access log can be switched to a bridge direct-through mode. By monitoring the access logs of each service site, when the number of failed service access logs meets the target access log of the preset condition, the operation mode of the service site corresponding to the target access log is changed in time, so that the stable accessibility of the service site is ensured, and the problems of site service blockage or unstable access caused by the failure of a web application firewall agent are effectively avoided.
In the embodiment of the invention, in order to facilitate managers to intuitively know the service compatibility of the web application firewall to each service site, when the number of service access failures in the target access log meets the preset condition, the service site corresponding to the target access log is switched to a bridge direct-through mode, and then prompt information that the web application firewall is incompatible with the service of the service site corresponding to the target access log can be displayed.
When the number of the service access failures in the target access log meets the preset condition, the situation that the web application firewall cannot be well compatible with the service of the service site corresponding to the target access log is shown, so that the situation that the service cannot be normally accessed occurs when the web application firewall protects the safety of the service site, and the problem that an administrator visually knows the compatibility of the web application firewall with the service site can be conveniently realized by displaying prompt information incompatible with the service.
In the embodiment of the invention, in order to more comprehensively know the service compatibility of the web application firewall to all service sites needing to be protected, when the number of service access failures in the target access log meets the preset condition, the number of the service sites switched to the bridge direct-through mode can be counted after the service sites corresponding to the target access log are switched to the bridge direct-through mode; judging whether the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value or not; and when the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value, performing alarm prompt.
The value of the preset limit value can be set according to actual requirements, and is not limited herein.
When the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value, the situation that the web application firewall is incompatible with the service of a large number of service sites is shown, and through alarming prompt, managers can know the situation in time conveniently, so that the functions of the web application firewall can be further improved, and the service compatibility of the web application firewall with the service sites is improved.
Fig. 2 is a schematic structural diagram of a service site mode switching apparatus according to an embodiment of the present invention, including a first switching unit 21, an adding unit 22, an obtaining unit 23, and a second switching unit 24;
a first switching unit 21 for switching the web application firewall to the proxy mode;
an adding unit 22, configured to add a service site to be protected in a web application firewall;
an obtaining unit 23, configured to obtain access logs corresponding to the service sites respectively; each access log comprises business access records when the web application firewall provides proxy service;
the second switching unit 24 is configured to switch the service site corresponding to the target access log to a bridge direct mode when the number of service access failures in the target access log meets a preset condition; the target access log is any one of all the access logs.
Optionally, the second switching unit includes a statistics subunit, a judgment subunit, and an execution subunit;
the counting subunit is used for counting the total number of the service access records and the number of service access failures in the target access log within a preset time period;
the judging subunit is used for judging whether the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold value or not;
and the execution subunit is used for switching the service site corresponding to the target access log to a bridge direct mode when the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold value.
Optionally, the second switching unit is specifically configured to determine whether the ratio of the number of service access failures of the target access log at each level to the total number of service access records exceeds a preset threshold; wherein, each hierarchy has a corresponding service access record total number; and when the ratio of the number of the service access failures at each level to the total number of the service access records exceeds a preset threshold, switching the service site corresponding to the target access log to a bridge direct mode.
Optionally, the device further comprises a display unit;
and the display unit is used for displaying prompt information that the web application firewall is incompatible with the service of the service site corresponding to the target access log after the service site corresponding to the target access log is switched to the bridge direct-through mode when the number of service access failures in the target access log meets the preset condition.
Optionally, the system further comprises a statistical unit, a judging unit and a prompting unit;
the statistical unit is used for counting the number of the service sites switched to the bridge direct mode;
the judging unit is used for judging whether the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value or not;
and the prompting unit is used for giving an alarm when the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value.
The description of the features in the embodiment corresponding to fig. 2 may refer to the related description of the embodiment corresponding to fig. 1, and is not repeated here.
According to the technical scheme, the web application firewall is switched to the proxy mode, and the service site needing to be protected is added into the web application firewall. In order to know the service access situation of the web application firewall agent service site during service provision, the access log corresponding to each service site can be obtained. The processing mode of each access log is similar, taking any one of the access logs, namely a target access log, as an example, when the number of service access failures in the target access log meets a preset condition, it indicates that the web application firewall affects the operation stability of the service site, and at this time, the service site corresponding to the target access log can be switched to a bridge direct-through mode. By monitoring the access logs of each service site, when the number of failed service access logs meets the target access log of the preset condition, the operation mode of the service site corresponding to the target access log is changed in time, so that the stable accessibility of the service site is ensured, and the problems of site service blockage or unstable access caused by the failure of a web application firewall agent are effectively avoided.
Fig. 3 is a schematic hardware structure diagram of a service site mode switching apparatus 30 according to an embodiment of the present invention, including:
a memory 31 for storing a computer program;
a processor 32 for executing a computer program for implementing the steps of the service site mode switching method as described in any of the embodiments above.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the service site mode switching method according to any of the above embodiments are implemented.
The method, the apparatus, and the computer-readable storage medium for switching the service site modes according to the embodiments of the present invention are described in detail above. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed in the embodiment corresponds to the method disclosed in the embodiment, so that the description is simple, and the relevant points can be referred to the description of the method part. It should be noted that, for those skilled in the art, without departing from the principle of the present invention, it is possible to make various improvements and modifications to the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the components and steps of the various examples have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

Claims (10)

1. A method for switching service site modes, comprising:
switching a web application firewall to an agent mode, and adding a service site needing to be protected in the web application firewall;
acquiring access logs corresponding to the service sites respectively; each access log comprises business access records when the web application firewall provides proxy service;
when the number of service access failures in the target access log meets a preset condition, switching the service site corresponding to the target access log to a bridge direct-through mode; wherein the target access log is any one of all the access logs.
2. The method for switching the service site mode according to claim 1, wherein when the number of service access failures in the target access log satisfies a preset condition, switching the service site corresponding to the target access log to the bridge pass-through mode includes:
counting the total number of service access records and the number of service access failures in a target access log in a preset time period;
judging whether the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold value or not;
and when the ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold, switching the service site corresponding to the target access log to a bridge direct-through mode.
3. The method for switching the mode of the service site according to claim 1, wherein the switching the service site corresponding to the target access log to the bridge pass-through mode when the number of the service access failures in the target access log satisfies a preset condition includes:
judging whether the ratio of the number of service access failures of the target access log at each level to the total number of service access records exceeds a preset threshold value; wherein, each hierarchy has a corresponding service access record total number;
and when the ratio of the number of the service access failures at each level to the total number of the service access records exceeds a preset threshold value, switching the service site corresponding to the target access log to a bridge direct mode.
4. The method for switching the mode of the service site according to claim 1, wherein when the number of service access failures in the target access log satisfies a preset condition, the method further includes, after switching the service site corresponding to the target access log to a bridge pass-through mode:
and displaying prompt information that the web application firewall is incompatible with the service of the service site corresponding to the target access log.
5. The method for switching the mode of the service site according to any one of claims 1 to 4, wherein when the number of service access failures in the target access log satisfies a preset condition, after the service site corresponding to the target access log is switched to the bridge pass-through mode, the method further includes:
counting the number of service sites switched to the bridge direct mode;
judging whether the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value or not;
and when the ratio of the number of the service sites to the total number of the service sites exceeds a preset limit value, performing alarm prompt.
6. A business site mode switching device is characterized by comprising a first switching unit, an adding unit, an acquiring unit and a second switching unit;
the first switching unit is used for switching the web application firewall to a proxy mode;
the adding unit is used for adding a service site needing to be protected in the web application firewall;
the acquisition unit is used for acquiring access logs corresponding to the service sites; each access log comprises business access records when the web application firewall provides proxy service;
the second switching unit is used for switching the service site corresponding to the target access log to a bridge direct-through mode when the number of service access failures in the target access log meets a preset condition; wherein the target access log is any one of all the access logs.
7. The traffic site mode switching apparatus according to claim 6, wherein the second switching unit includes a statistics subunit, a judgment subunit, and an execution subunit;
the counting subunit is used for counting the total number of the service access records and the number of service access failures in the target access log within a preset time period;
the judging subunit is configured to judge whether a ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold;
and the execution subunit is configured to switch the service site corresponding to the target access log to a bridge cut-through mode when a ratio of the number of the service access failures to the total number of the service access records exceeds a preset threshold.
8. The device for switching service site modes according to claim 6, wherein the second switching unit is specifically configured to determine whether ratios of the number of service access failures of the target access log at each level to the total number of service access records both exceed a preset threshold; wherein, each hierarchy has a corresponding service access record total number; and when the ratio of the number of the service access failures at each level to the total number of the service access records exceeds a preset threshold value, switching the service site corresponding to the target access log to a bridge direct mode.
9. A service site mode switching apparatus, comprising:
a memory for storing a computer program;
a processor for executing said computer program to implement the steps of the service site mode switching method according to any of claims 1 to 5.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the service site mode switching method according to any one of claims 1 to 5.
CN202010888514.0A 2020-08-28 2020-08-28 Business site mode switching method and device and computer readable storage medium Active CN111970303B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010888514.0A CN111970303B (en) 2020-08-28 2020-08-28 Business site mode switching method and device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010888514.0A CN111970303B (en) 2020-08-28 2020-08-28 Business site mode switching method and device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN111970303A CN111970303A (en) 2020-11-20
CN111970303B true CN111970303B (en) 2022-08-26

Family

ID=73399981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010888514.0A Active CN111970303B (en) 2020-08-28 2020-08-28 Business site mode switching method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN111970303B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103095778A (en) * 2011-11-07 2013-05-08 北京知道创宇信息技术有限公司 Web application firewall and web application safety protection method
CN109743197A (en) * 2018-12-24 2019-05-10 中信百信银行股份有限公司 A kind of firewall deployment system and method based on priority configuration

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752155B (en) * 2012-08-01 2016-05-11 杭州迪普科技有限公司 A kind of protection method for handover control and device
US9497165B2 (en) * 2015-03-26 2016-11-15 International Business Machines Corporation Virtual firewall load balancer
CN109067807A (en) * 2018-10-16 2018-12-21 杭州安恒信息技术股份有限公司 Safety protecting method, device and electronic equipment based on WEB application firewall overload
CN110868380B (en) * 2018-12-19 2022-08-23 北京安天网络安全技术有限公司 Network flow safety monitoring method and device, electronic equipment and storage medium
CN111314290B (en) * 2019-12-30 2022-06-24 北京长亭未来科技有限公司 Method and device for WEB application firewall service continuity protection and electronic equipment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103095778A (en) * 2011-11-07 2013-05-08 北京知道创宇信息技术有限公司 Web application firewall and web application safety protection method
CN109743197A (en) * 2018-12-24 2019-05-10 中信百信银行股份有限公司 A kind of firewall deployment system and method based on priority configuration

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
传统硬件Web应用防火墙在虚拟化环境下的部署;康玉虎;《数字通信世界》;20180901(第09期);第1-2页 *
浅谈Web应用防火墙对基于Web业务系统的保护;葛鹏;《江苏科技信息》;20101125(第11期);第1-3页 *

Also Published As

Publication number Publication date
CN111970303A (en) 2020-11-20

Similar Documents

Publication Publication Date Title
EP1784703B1 (en) Methods, systems and computer program products for evaluating security of a network environment
CN107040494B (en) User account abnormity prevention method and system
US10135862B1 (en) Testing security incident response through automated injection of known indicators of compromise
CN107438079A (en) A kind of detection method of the unknown abnormal behaviour in website
CN112905548B (en) Security audit system and method
CN108073499B (en) Application program testing method and device
CN110620690A (en) Network attack event processing method and electronic equipment thereof
CN113037562A (en) Gateway fault assessment method and device and server
CN110784358A (en) Method and device for constructing network call relation topological graph
CN110941632A (en) Database auditing method, device and equipment
CN111970303B (en) Business site mode switching method and device and computer readable storage medium
CN110519224B (en) Method and equipment for intelligently generating network protection strategy in virtualization environment
CN104219219A (en) Method, server and system for handling data
CN104881354A (en) Cloud disk monitoring method and device
CN111930548B (en) Fault simulation system for multi-cluster distributed service
CN110445779B (en) Automatic protection method and system for DNS system under attack
CN109710552B (en) Bus transmission quality evaluation method, system and computer storage medium
CN110324179B (en) Load abnormity warning method and related device
CN108650251B (en) Display processing method and device for network security comprehensive situation awareness data
CN107623602B (en) Automatic checking method and system
CN110955579A (en) Ambari-based large data platform monitoring method
CN112507270A (en) Website tampering alarm method based on title escape in cloud protection and related device
CN111124712A (en) Event notification method, device, server and storage medium
CN111262728A (en) Flow load monitoring system based on log port flow
CN104486415A (en) Determining method and device for working state of monitoring object

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant