CN112804222B - Data transmission method, device, equipment and storage medium based on cloud deployment - Google Patents

Info

Publication number: CN112804222B
Authority: CN (China)
Prior art keywords: information, signature information, acquisition request, data acquisition, data
Legal status: Active
Application number: CN202011644229.0A
Other languages: Chinese (zh)
Other versions: CN112804222A
Inventor: 张强
Current Assignee: Ping An Life Insurance Company of China Ltd
Original Assignee: Ping An Life Insurance Company of China Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data transmission method, a data transmission device, data transmission equipment and a data transmission storage medium based on cloud deployment, and relates to the technical field of data transmission. The method comprises the following steps: when a data acquisition request sent by a client is received, extracting signature information in the data acquisition request; judging whether the signature information is repeated signature information according to the local cache record information; when the signature information is not the repeated signature information, forwarding the data acquisition request to a target server; and receiving response data fed back by the target server based on the data acquisition request, and forwarding the response data to the client. The invention isolates the communication between the client and the target server, authenticates and forwards the request through the intermediate device, can effectively prevent malicious attack, improves the safety of the server, has strong universality and low cost, and is beneficial to deployment.

Description

Data transmission method, device, equipment and storage medium based on cloud deployment
Technical Field
The invention relates to the technical field of data transmission, in particular to a data transmission method, a data transmission device, data transmission equipment and a storage medium based on cloud deployment.
Background
In a network environment, servers are often subject to various attacks, resulting in the servers running abnormally and even crashing. In order to protect the security of the server, security control software is usually installed on the server, but the setting of the security control software is complicated, and the computing resources of the server are consumed. Therefore, how to easily implement security protection of a server is a technical problem to be solved urgently.
The above is only for the purpose of assisting understanding of the technical solution of the present invention, and does not represent an admission that the above is the prior art.
Disclosure of Invention
The invention mainly aims to provide a data transmission method, a data transmission device, data transmission equipment and a storage medium based on cloud deployment, and aims to solve the technical problem that in the prior art, a security protection measure architecture of a server is complex.
In order to achieve the above object, the present invention provides a data transmission method based on cloud deployment, which comprises the following steps:
when a data acquisition request sent by a client is received, extracting signature information in the data acquisition request;
judging whether the signature information is repeated signature information according to the local cache record information;
when the signature information is not the repeated signature information, forwarding the data acquisition request to a target server;
and receiving response data fed back by the target server based on the data acquisition request, and forwarding the response data to the client.
Optionally, when the signature information is not repeated signature information, forwarding the data acquisition request to the target server, including:
when the signature information is not repeated signature information, acquiring node load information of a target cluster server;
determining a target server from the target cluster server according to the node load information, and acquiring address information of the target server;
extracting request text information in the data acquisition request, and generating a forwarding request according to the request text information and the address information;
and sending the forwarding request to the target server.
Optionally, when the signature information is not repeated signature information, obtaining node load information of the target cluster server includes:
extracting timestamp information from the signature information when the signature information is not repeated signature information;
judging whether the data acquisition request meets a preset condition or not according to the current time information and the timestamp information;
and when the data acquisition request meets a preset condition, acquiring node load information of the target cluster server.
Optionally, when the signature information is not the repeated signature information, acquiring the node load information of the target cluster server includes:
when the signature information is not repeated signature information, extracting token information from the signature information;
judging whether the data acquisition request is legal or not according to the preset token information and the token information;
and when the data acquisition request is legal, acquiring the node load information of the target cluster server.
Optionally, when a data acquisition request sent by a client is received, extracting signature information in the data acquisition request includes:
when a data acquisition request sent by a client is received, acquiring node load information of a current cluster server;
determining a current processing server from the current cluster server according to the node load information of the current cluster server;
and sending the data acquisition request to the current processing server so that the current processing server extracts and feeds back the signature information in the data acquisition request.
Optionally, the determining, according to the local cache record information, whether the signature information is the repeated signature information includes:
acquiring historical signature information according to the local cache record information;
comparing the signature information with historical signature information to obtain a comparison result;
and judging whether the signature information is repeated signature information according to the comparison result.
Optionally, receiving response data fed back by the target server based on the data obtaining request, and forwarding the response data to the client, where the receiving response data includes:
when response information fed back by a target server based on a data acquisition request is received, determining IP information corresponding to the response information;
judging whether the IP information meets a preset condition or not according to a preset legal IP table;
and when the IP information meets the preset condition, extracting response data from the response information, and forwarding the response data to the client.
In addition, in order to achieve the above object, the present invention further provides a data transmission device based on cloud deployment, including:
the receiving module is used for extracting signature information in a data acquisition request when the data acquisition request sent by a client is received;
the judging module is used for judging whether the signature information is repeated signature information according to the local cache record information;
the request forwarding module is used for forwarding the data acquisition request to a target server when the signature information is not repeated signature information;
and the data forwarding module is used for receiving response data fed back by the target server based on the data acquisition request and forwarding the response data to the client.
In addition, in order to achieve the above object, the present invention further provides a data transmission device based on cloud deployment, where the data transmission device based on cloud deployment includes: a memory, a processor, and a cloud deployment-based data transfer program stored on the memory and executable on the processor, the cloud deployment-based data transfer program when executed by the processor implementing the steps of the cloud deployment-based data transfer method as above.
In addition, in order to achieve the above object, the present invention further provides a storage medium, where a data transmission program based on cloud deployment is stored on the storage medium, and when executed by a processor, the data transmission program based on cloud deployment implements the steps of the data transmission method based on cloud deployment as above.
When a data acquisition request sent by a client is received, extracting signature information in the data acquisition request; judging whether the signature information is repeated signature information according to the local cache record information; when the signature information is not the repeated signature information, forwarding the data acquisition request to a target server; and receiving response data fed back by the target server based on the data acquisition request, and forwarding the response data to the client. The invention isolates the communication between the client and the target server, authenticates and forwards the request through the intermediate device, can effectively prevent malicious attack, improves the safety of the server, has strong universality and low cost, and is beneficial to deployment.
Drawings
Fig. 1 is a schematic structural diagram of a data transmission device based on cloud deployment in a hardware operating environment according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a data transmission method based on cloud deployment according to a first embodiment of the present invention;
Fig. 3 is a flowchart illustrating a data transmission method based on cloud deployment according to a second embodiment of the present invention;
Fig. 4 is a schematic flow chart of a data transmission method based on cloud deployment according to a third embodiment of the present invention;
Fig. 5 is a block diagram of a first embodiment of a data transmission device based on cloud deployment according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a data transmission device based on cloud deployment in a hardware operating environment according to an embodiment of the present invention.
As shown in Fig. 1, the data transmission device based on cloud deployment may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display screen, and may optionally further include a standard wired interface and a wireless interface; in the present invention the wired interface of the user interface 1003 may be a USB interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a Random Access Memory (RAM) or a Non-volatile Memory (NVM), such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001 described previously.
Those skilled in the art will appreciate that the architecture shown in Fig. 1 does not constitute a limitation of the data transmission device based on cloud deployment, which may include more or fewer components than shown, a combination of some components, or a different arrangement of components.
As shown in fig. 1, a memory 1005, identified as a computer storage medium, may include an operating system, a network communication module, a user interface module, and a data transmission program based on a cloud deployment.
In the data transmission device based on cloud deployment shown in fig. 1, the network interface 1004 is mainly used for connecting a background server and performing data communication with the background server; the user interface 1003 is mainly used for connecting user equipment; the data transmission device based on cloud deployment calls a data transmission program based on cloud deployment stored in the memory 1005 through the processor 1001, and executes the data transmission method based on cloud deployment provided by the embodiment of the present invention.
Based on the hardware structure, the embodiment of the data transmission method based on cloud deployment is provided.
Referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the data transmission method based on cloud deployment, and provides the first embodiment of the data transmission method based on cloud deployment.
In a first embodiment, a data transmission method based on cloud deployment includes the steps of:
Step S10: when a data acquisition request sent by a client is received, extracting signature information in the data acquisition request.
It should be understood that the executing subject of this embodiment may be the data transmission device based on cloud deployment, where the data transmission device based on cloud deployment has functions of data processing, data communication, program running, and the like, and the data transmission device based on cloud deployment may be a computer device such as a computer or a server, and of course, other devices having similar functions may also be used, and this embodiment is not limited thereto.
It should be understood that the client may be a device such as a mobile phone, a tablet, or a computer, and the user may initiate a data acquisition request to the server through the client, where the data acquisition request may be an HTTP request. In this embodiment, the data obtaining request may include an application call instruction, and the client may call a data obtaining application in the cloud-based deployed data transmission device through the application call instruction to obtain the required data.
It should be noted that the signature information may be a special identifier used for identification in the data acquisition request. In a specific implementation, when a client initiates a data acquisition request, each parameter in the data acquisition request is encrypted to obtain the signature information. For example, the request body data in the data acquisition request is hashed with the SHA-256 algorithm, and the obtained hash value is used as the signature information. Of course, the signature information may also be obtained in other manners, and this embodiment is not limited to this.
Step S20: judging whether the signature information is the repeated signature information according to the local cache record information.
It should be noted that the local cache record is the processing record that the cloud-deployed data transmission device keeps of historical data acquisition requests, and the local cache record includes the signature information of those historical requests. Each time the cloud-deployed data transmission device processes a data acquisition request, the signature information contained in the request is stored in the local cache record.
In a specific implementation, the determining process may be: acquiring historical signature information according to the local cache record information; comparing the signature information with the historical signature information to obtain a comparison result; and judging whether the signature information is repeated signature information according to the comparison result. The comparison result has two types: the first type is that the historical signature information contains an entry identical to the signature information, and the second type is that it does not. Obviously, if the comparison result is the first type, the signature information is repeated signature information; if it is the second type, the signature information is not repeated.
It should be understood that, if an attacker hijacks the data acquisition request and uses the request to perform a DoS attack, the cloud-deployed data transmission device processes the request the first time, after which the local cache record stores the corresponding signature information. For every subsequently received copy of the request the signature information is therefore repeated, so service is refused, the DoS attack is identified, and the security of the database is improved.
Step S30: when the signature information is not the repeated signature information, forwarding the data acquisition request to the target server.
It should be noted that the target server can be used to provide the user with the required data, and has functions of data communication, data transmission, data search, and the like. In this embodiment, the target server may be an Elasticsearch server, which is a Lucene-based search server that provides a distributed multi-user capable full-text search engine. The user can initiate a data acquisition request through the client to control the Elasticsearch server to execute a search function and feed back a search result, wherein the data acquisition request can comprise a keyword for searching and the like.
In order to further ensure the security of the target server, the firewall of the target server in this embodiment is set to be open only to the data transmission device based on cloud deployment. In this way, the target server can be accessed only through the data transmission device based on cloud deployment, and cannot be accessed directly.
In addition, in order to improve the performance of the Elasticsearch server in the embodiment, a NAS (Network Attached Storage) device is externally connected to the Elasticsearch server, and the NAS device is used for storing related search data. Meanwhile, the communication between the Elasticsearch server and the NAS is also controlled through a firewall, and other devices are prohibited from accessing.
Step S40: receiving response data fed back by the target server based on the data acquisition request, and forwarding the response data to the client.
It can be understood that after receiving the data acquisition request, the target server searches for data according to the request content, and if corresponding data required by the user exists, feeds the searched data back to the data transmission device based on cloud deployment as response data. Meanwhile, in order to ensure data security, the response data also needs to be forwarded to the client through the data transmission device based on cloud deployment.
In the first embodiment, when a data acquisition request sent by a client is received, signature information in the data acquisition request is extracted; judging whether the signature information is repeated signature information according to the local cache record information; when the signature information is not the repeated signature information, forwarding the data acquisition request to a target server; and receiving response data fed back by the target server based on the data acquisition request, and forwarding the response data to the client. According to the embodiment, the communication between the client and the target server is isolated, the request is authenticated and forwarded through the intermediate device, malicious attack can be effectively prevented, the safety of the server is improved, and the method is strong in universality, low in cost and beneficial to deployment.
Referring to fig. 3, fig. 3 is a schematic flow chart of a second embodiment of the data transmission method based on cloud deployment according to the present invention, and the second embodiment of the data transmission method based on cloud deployment according to the present invention is proposed based on the first embodiment.
In the second embodiment, the step S30 specifically includes:
Step S301: when the signature information is not the repeated signature information, acquiring the node load information of the target cluster server.
It should be noted that, in order to improve the performance of the target server, the target server in the present embodiment may be set up as a cluster server. The cluster server can process a plurality of data acquisition requests simultaneously through a plurality of nodes, thereby avoiding data blockage and improving data searching capacity. Each node in the cluster server may be a server, or one server may be provided with multiple processing partitions, each serving as a processing node. The node load information may be the memory occupancy of each processing node, which reflects the processing condition of each node. Based on the node load information, a processing node can be chosen to handle the data acquisition request so that the load of the target cluster server changes little.
Before the data acquisition request is ready to be forwarded, the data acquisition request can be re-verified in order to further ensure the validity of the data acquisition request. Specifically, when the signature information is not repeated signature information, extracting timestamp information from the signature information; judging whether the data acquisition request meets a preset condition or not according to the current time information and the timestamp information; and when the data acquisition request meets a preset condition, acquiring the node load information of the target cluster server.
It should be understood that, when the client initiates the data acquisition request, the client generates a timestamp according to the initiation time, and adds the timestamp to the data acquisition request. The preset condition may be to determine whether a time difference between the current time and the initiation time is within a preset time threshold. If the time difference between the current time and the initiating time is smaller than a preset time threshold, the data acquisition request is legal; otherwise, it is illegal.
In addition, the re-verifying the data acquisition request may further include: when the signature information is not repeated signature information, extracting token information from the signature information; judging whether the data acquisition request is legal or not according to the preset token information and the token information; and when the data acquisition request is legal, acquiring the node load information of the target cluster server.
It should be understood that, when the client initiates the data acquisition request, the client may also add a preset token to the data acquisition request. The preset token is a unique token registered by the client for identifying the identity of the client, and this token is also stored in the server. Correspondingly, after the server judges that the signature is not a repeated signature, the server can also acquire the preset token in the data acquisition request and judge whether the preset token is legal according to the locally stored token information. Specifically, when a token identical to the preset token exists in the token information, the preset token is judged to be legal; otherwise, it is illegal. If an attacker launches the attack from an unauthenticated device, the server can also deny service because the request cannot pass token verification.
Of course, the signature, timestamp, and token may be used simultaneously. For example, the client sorts the parameters, including a token and a timestamp, and encrypts them according to a preset encryption algorithm to obtain a signature sign, and then generates a request according to the token, the timestamp and the sign. For example, the URL of the request is set to (http://URL/request?token=123&timestamp=123&sign=123123).
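The combined check described above (repeated-signature cache, timestamp window, token lookup, signature over the sorted parameters) can be sketched as follows. This is an added example, not code from the patent: it assumes HMAC-SHA-256 with a per-client secret as the "preset encryption algorithm", a 300-second time threshold, and hypothetical names (`check_request`, `ReplayCache`, `REGISTERED_CLIENTS`); it also runs the stateless checks before touching the cache, so only authenticated requests are recorded.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

MAX_SKEW_SECONDS = 300  # assumed value for the "preset time threshold"

# Constructed registry (assumption): registered token -> per-client signing secret.
REGISTERED_CLIENTS = {"tok-client-a": b"constructed-secret-a"}


def sign(params, secret):
    """Sort every parameter except `sign`, URL-encode them, and HMAC-SHA-256 the result."""
    canonical = urlencode(sorted((k, v) for k, v in params.items() if k != "sign"))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def build_url(base, params, secret):
    """Client side: append the signature to the request parameters."""
    return base + "?" + urlencode(dict(params, sign=sign(params, secret)))


class ReplayCache:
    """Local cache record of signatures that were already processed.

    An entry only has to live until its request would fail the timestamp
    check anyway, so the cache stays bounded by the traffic of one window.
    """

    def __init__(self):
        self._expiry = {}  # signature -> time after which the request is stale

    def __len__(self):
        return len(self._expiry)

    def seen_before(self, signature, expires_at, now):
        for old in [s for s, exp in self._expiry.items() if exp < now]:
            del self._expiry[old]
        if signature in self._expiry:
            return True
        self._expiry[signature] = expires_at
        return False


def check_request(url, cache, now=None):
    """Gateway side: return (accepted, reason) for a data acquisition request URL."""
    now = time.time() if now is None else now
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    token, stamp, sig = params.get("token"), params.get("timestamp"), params.get("sign")
    if not (token and stamp and sig):
        return False, "missing token, timestamp or sign"
    secret = REGISTERED_CLIENTS.get(token)
    if secret is None:
        return False, "unknown token"
    # Constant-time comparison of the recomputed signature with the received one.
    if not hmac.compare_digest(sign(params, secret).encode(), sig.encode()):
        return False, "bad signature"
    try:
        issued = int(stamp)
    except ValueError:
        return False, "bad timestamp"
    if abs(now - issued) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    if cache.seen_before(sig, issued + MAX_SKEW_SECONDS, now):
        return False, "repeated signature"
    return True, "forward"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    cache = ReplayCache()
    url = build_url(
        "http://gateway.example/request",
        {"token": "tok-client-a", "timestamp": str(now - 10), "q": "insurance"},
        REGISTERED_CLIENTS["tok-client-a"],
    )
    print(check_request(url, cache, now))        # first delivery
    print(check_request(url, cache, now + 5))    # captured and replayed
    print(check_request(url, cache, now + 400))  # replayed after the window
```

Two identical requests issued within the same second produce the same sign, so the second is refused as a repeat; adding a per-request nonce to the signed parameters avoids that.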
Step S302: determining a target server from the target cluster servers according to the node load information, and acquiring the address information of the target server.
It is understood that, in order to ensure the operation efficiency of the target cluster server, the node with the smallest load in the current processing nodes can be generally used as the target server. Specifically, the memory vacancy rate of each processing node may be determined according to the node load information, and the server corresponding to the processing node with the smallest memory vacancy rate is used as the target server.
Of course, the node load information may also include information about each node sequence, where a node sequence refers to a sequential relationship in which each node in the target cluster server processes the data acquisition request in sequence, and the node sequence information may include information about a processing node of the last data acquisition request. And determining a processing node corresponding to the last data acquisition request according to the node load information, determining a current processing node corresponding to the current data acquisition request according to the node sequence, and taking a server corresponding to the current processing node as a target server.
It should be noted that the data transmission device deployed based on the cloud stores address information of each server in the target cluster server. After the target server is determined, the address information corresponding to the target server can be searched according to the stored address information.
Step S303: extracting request text information in the data acquisition request, and generating a forwarding request according to the request text information and the address information.
It can be understood that the client cannot directly access the target server, so the data transmission device based on cloud deployment needs to rewrite the request in order to access the target server. When the request is rewritten, the request text information in the original data acquisition request can be extracted and used as the request text of the rewritten request; the request header is rewritten according to the address information of the target server; and finally, a complete forwarding request is generated from the rewritten request header and the request text.
Step S304: sending the forwarding request to the target server.
After the data transmission equipment based on cloud deployment generates the forwarding request, the forwarding request is sent to the target server, so that the target server executes corresponding operation according to the forwarding request and feeds back response data.
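Steps S302 to S304, together with the check of the response's IP against the preset legal IP table from the method summary, can be sketched as follows. This is an added example, not code from the patent: the cluster data, the legal IP table and every function name are constructed, node load is taken to be memory occupancy, and the example assumes that client-supplied headers and the authentication query parameters are not passed on to the target server.

```python
import ipaddress

# Constructed sample data (not from the patent): node -> address and memory occupancy.
CLUSTER = {
    "es-node-1": {"address": "10.0.2.11:9200", "mem_used": 0.72},
    "es-node-2": {"address": "10.0.2.12:9200", "mem_used": 0.35},
    "es-node-3": {"address": "10.0.2.13:9200", "mem_used": 0.58},
}
LEGAL_IP_TABLE = ["10.0.2.0/28"]  # assumed form of the "preset legal IP table"


def pick_least_loaded(cluster):
    """Step S302, load variant: the node with the smallest load (ties broken by name)."""
    return min(sorted(cluster), key=lambda name: cluster[name]["mem_used"])


def pick_next_in_sequence(cluster, last_node):
    """Step S302, sequence variant: the node after the one that served the last request."""
    order = sorted(cluster)
    if last_node not in order:
        return order[0]
    return order[(order.index(last_node) + 1) % len(order)]


def build_forward_request(request, address):
    """Step S303: keep the request text (body), rebuild the header for the target."""
    body = request.get("body", b"")
    headers = {"Host": address, "Content-Length": str(len(body))}
    content_type = request.get("headers", {}).get("Content-Type")
    if content_type:
        headers["Content-Type"] = content_type
    return {
        "method": request["method"],
        # Assumption: token/timestamp/sign were consumed by the gateway and are dropped.
        "path": request["path"].split("?", 1)[0],
        "headers": headers,
        "body": body,
    }


def response_source_allowed(source_ip, table=LEGAL_IP_TABLE):
    """Accept a response only if its source IP falls inside the legal IP table."""
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(net) for net in table)


def relay(request, cluster, send):
    """Steps S302-S304 plus the response check.

    `send` is a hypothetical transport callable that takes the forwarding
    request and returns (source_ip, response_data).
    """
    node = pick_least_loaded(cluster)
    forward = build_forward_request(request, cluster[node]["address"])
    source_ip, payload = send(forward)
    if not response_source_allowed(source_ip):
        return None  # response did not come from a legal address: drop it
    return payload


if __name__ == "__main__":
    sample = {
        "method": "POST",
        "path": "/search?token=t&timestamp=1&sign=s",
        "headers": {"Content-Type": "application/json", "Cookie": "session=x"},
        "body": b'{"q":"a"}',
    }
    print(build_forward_request(sample, CLUSTER[pick_least_loaded(CLUSTER)]["address"]))
    print(relay(sample, CLUSTER, lambda fwd: ("10.0.2.12", b"hits")))
    print(relay(sample, CLUSTER, lambda fwd: ("203.0.113.9", b"spoofed")))
```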
In the second embodiment, when the signature information is not the repeated signature information, the node load information of the target cluster server is acquired; determining a target server from the target cluster server according to the node load information, and acquiring address information of the target server; extracting request text information in the data acquisition request, and generating a forwarding request according to the request text information and the address information; and sending the forwarding request to the target server. According to the embodiment, the request is forwarded according to the load condition of the target cluster server, so that the operation efficiency of the target cluster server is ensured, and the data acquisition speed is increased. Meanwhile, in order to further prevent malicious attacks, timestamp verification and token verification are added to the data acquisition request in the embodiment, so that the safety of the server is protected.
Referring to fig. 4, which is a schematic flowchart of a third embodiment of the data transmission method based on cloud deployment according to the present invention, the third embodiment is proposed based on the first embodiment and the second embodiment. The present embodiment is explained based on the first embodiment.
In the third embodiment, step S10 specifically includes:
Step S101: when a data acquisition request sent by a client is received, acquiring the node load information of the current cluster server.
In order to further improve the request processing capacity, the data transmission device based on cloud deployment, which is the execution body of the method, can also be configured as a cluster server. Each node in the cluster server may be a server, or one server may be provided with multiple processing partitions, each serving as a processing node. The node load information may be the memory occupancy of each processing node, which reflects the processing condition of each node.
Step S102: determining the current processing server from the current cluster server according to the node load information of the current cluster server.
It can be understood that, in order to ensure the response efficiency of the data transmission device based on cloud deployment to the client, the node with the smallest load among the current processing nodes can generally be used as the current processing server. Specifically, the memory vacancy rate of each processing node may be determined according to the node load information, and the server corresponding to the processing node with the smallest memory vacancy rate is used as the target server.
Of course, the node load information may further include sequence information of each node, where the node sequence refers to the order in which the nodes in the data transmission device based on cloud deployment take turns processing data acquisition requests, and the sequence information may include the processing node of the last data acquisition request. The processing node corresponding to the last data acquisition request is determined according to the node load information, the current processing node corresponding to the current data acquisition request is determined according to the node sequence, and the server corresponding to the current processing node is taken as the current processing server.
Step S103: sending the data acquisition request to the current processing server so that the current processing server extracts and feeds back the signature information in the data acquisition request.
It should be noted that a central node exists in the data transmission device based on cloud deployment, and the central node is used to schedule the processing nodes. After the current processing server is determined, the central node sends the data acquisition request to the current processing server so that the current processing server extracts and feeds back the signature information in the data acquisition request, and the central node then verifies the signature information and forwards the data acquisition request. Of course, after extracting the signature information, the current processing server may also verify the signature information and forward the data acquisition request directly, without going through the central node.
In addition, in order to prevent the response data from being intercepted, the present embodiment may also verify the response information of the target server. Specifically, step S40 includes: when response information fed back by a target server based on a data acquisition request is received, determining IP information corresponding to the response information; judging whether the IP information meets a preset condition or not according to a preset legal IP table; and when the IP information meets the preset condition, extracting response data from the response information, and forwarding the response data to the client.
It can be understood that the preset legal IP table defines the IP addresses allowed to be accessed. Judging whether the IP information meets the preset condition according to the preset legal IP table may be: judging whether the IP address in the IP information belongs to a legal IP in a preset IP control table; if so, the preset condition is met and the response information is legal; otherwise, the response information is not judged to be legal.
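A sketch of the response check described above, as an added example that is not part of the patent. It assumes the IP information is the peer address of the connection the response arrived on, and that table entries may be single addresses or CIDR blocks; the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def build_legal_ip_table(entries):
    """Parse the table once at start-up.

    strict=True makes a typo such as '10.0.0.5/24' (host bits set) raise
    ValueError instead of silently widening the allowed range.
    """
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def normalize_peer(peer):
    """Return an address object for the peer, or None if it does not parse."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return None
    # A dual-stack socket reports IPv4 peers as ::ffff:a.b.c.d; without this
    # step such a peer would never match an IPv4 entry in the table.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_legal_source(peer, table):
    """True when the peer address belongs to an entry of the legal IP table."""
    addr = normalize_peer(peer)
    if addr is None:
        return False
    # Membership is always False across address families, so IPv4 and IPv6
    # entries can live in the same table.
    return any(addr in network for network in table)


def forward_response(peer, response, table):
    """Return the response data for the client, or None to drop the response."""
    if not is_legal_source(peer, table):
        return None
    return response["data"]


if __name__ == "__main__":
    # Constructed sample table and peers (documentation/private ranges).
    table = build_legal_ip_table(["10.0.0.0/24", "192.0.2.10", "2001:db8::/32"])
    for peer in ("10.0.0.5", "::ffff:10.0.0.5", "10.0.1.5", "not-an-ip"):
        print(peer, forward_response(peer, {"data": b"payload"}, table))
```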
In the third embodiment, when a data acquisition request sent by a client is received, node load information of a current cluster server is acquired; determining a current processing server from the current cluster server according to the node load information of the current cluster server; and sending the data acquisition request to the current processing server so that the current processing server extracts and feeds back the signature information in the data acquisition request. The embodiment determines the current processing server for processing the data acquisition request sent by the client according to the load condition of the current cluster server, thereby ensuring the operating efficiency of the server and improving the response speed of the client. Meanwhile, in order to further ensure data security, response information fed back by the target server is verified, and data is prevented from being tampered.
In addition, an embodiment of the present invention further provides a data transmission device based on cloud deployment. Referring to fig. 5, fig. 5 is a structural block diagram of a first embodiment of the data transmission device based on cloud deployment according to the present invention.
In this embodiment, the data transmission apparatus based on cloud deployment includes:
the receiving module 10 is configured to, when receiving a data acquisition request sent by a client, extract signature information in the data acquisition request;
the judging module 20 is configured to judge whether the signature information is repeated signature information according to the local cache record information;
a request forwarding module 30, configured to forward the data obtaining request to the target server when the signature information is not the repeated signature information;
and the data forwarding module 40 is configured to receive response data fed back by the target server based on the data acquisition request, and forward the response data to the client.
In this embodiment, when a data acquisition request sent by a client is received, signature information in the data acquisition request is extracted; judging whether the signature information is repeated signature information according to the local cache record information; when the signature information is not the repeated signature information, forwarding the data acquisition request to a target server; and receiving response data fed back by the target server based on the data acquisition request, and forwarding the response data to the client. According to the embodiment, the communication between the client and the target server is isolated, the request is authenticated and forwarded through the intermediate device, malicious attack can be effectively prevented, the safety of the server is improved, the universality is high, the cost is low, and the deployment is facilitated.
In an embodiment, the request forwarding module 30 is further configured to obtain node load information of the target cluster server when the signature information is not repeated signature information; determining a target server from the target cluster server according to the node load information, and acquiring address information of the target server; extracting request text information in the data acquisition request, and generating a forwarding request according to the request text information and the address information; and sending the forwarding request to the target server.
In an embodiment, the request forwarding module 30 is further configured to extract timestamp information from the signature information when the signature information is not repeated signature information; judging whether the data acquisition request meets a preset condition or not according to the current time information and the timestamp information; and when the data acquisition request meets a preset condition, acquiring node load information of the target cluster server.
In an embodiment, the request forwarding module 30 is further configured to extract token information from the signature information when the signature information is not repeated signature information; judging whether the data acquisition request is legal or not according to the preset token information and the token information; and when the data acquisition request is legal, acquiring the node load information of the target cluster server.
In an embodiment, the receiving module 10 is further configured to, when receiving a data obtaining request sent by a client, obtain node load information of a current cluster server; determining a current processing server from the current cluster server according to the node load information of the current cluster server; and sending the data acquisition request to the current processing server so that the current processing server extracts and feeds back the signature information in the data acquisition request.
In an embodiment, the determining module 20 is further configured to obtain historical signature information according to the local cache record information; comparing the signature information with historical signature information to obtain a comparison result; and judging whether the signature information is repeated signature information according to the comparison result.
In an embodiment, the data forwarding module 40 is further configured to, when response information fed back by the target server based on the data acquisition request is received, determine IP information corresponding to the response information; judging whether the IP information meets a preset condition or not according to a preset legal IP table; and when the IP information meets the preset condition, extracting response data from the response information, and forwarding the response data to the client.
Other embodiments or specific implementation manners of the cloud deployment-based data transmission device according to the present invention may refer to the above method embodiments, and are not described herein again.
In addition, an embodiment of the present invention further provides a storage medium, where a data transmission program based on cloud deployment is stored, and when executed by a processor, the data transmission program based on cloud deployment implements the steps of the data transmission method based on cloud deployment described above.
Since the storage medium adopts all technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or system comprising the element.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order; these words are to be interpreted as names.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solutions of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g., a Read Only Memory (ROM)/Random Access Memory (RAM), a magnetic disk, an optical disk), and includes several instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (9)

1. A data transmission method based on cloud deployment is characterized by comprising the following steps:
when a data acquisition request sent by a client is received, extracting signature information in the data acquisition request;
judging whether the signature information is repeated signature information according to local cache record information;
when the signature information is not repeated signature information, forwarding the data acquisition request to a target server;
receiving response data fed back by the target server based on the data acquisition request, and forwarding the response data to the client;
the judging whether the signature information is the repeated signature information according to the local cache record information comprises the following steps:
acquiring historical signature information according to local cache record information, wherein the historical signature information is signature information which is stored in a local cache record after the data acquisition request is processed for the first time when an attacker hijacks the data acquisition request and uses the data acquisition request to carry out a DoS (denial of service) attack;
comparing the signature information with historical signature information to obtain a comparison result;
and judging whether the signature information is repeated signature information according to the comparison result.
2. The cloud deployment-based data transmission method of claim 1, wherein the forwarding the data acquisition request to a target server when the signature information is not repeated signature information comprises:
when the signature information is not repeated signature information, acquiring node load information of a target cluster server;
determining a target server from target cluster servers according to the node load information, and acquiring address information of the target server;
extracting request text information in the data acquisition request, and generating a forwarding request according to the request text information and the address information;
and sending the forwarding request to the target server.
3. The cloud deployment-based data transmission method according to claim 2, wherein the obtaining node load information of the target cluster server when the signature information is not repeated signature information includes:
when the signature information is not repeated signature information, extracting timestamp information from the signature information;
judging whether the data acquisition request meets a preset condition or not according to the current time information and the timestamp information;
and when the data acquisition request meets a preset condition, acquiring node load information of the target cluster server.
4. The cloud deployment-based data transmission method according to claim 2, wherein the obtaining node load information of the target cluster server when the signature information is not repeated signature information includes:
when the signature information is not repeated signature information, extracting token information from the signature information;
judging whether the data acquisition request is legal or not according to preset token information and the token information;
and when the data acquisition request is legal, acquiring the node load information of the target cluster server.
5. The cloud deployment-based data transmission method according to any one of claims 1 to 4, wherein the extracting signature information in a data acquisition request when the data acquisition request sent by a client is received includes:
when a data acquisition request sent by a client is received, acquiring node load information of a current cluster server;
determining a current processing server from the current cluster server according to the node load information of the current cluster server;
and sending the data acquisition request to the current processing server so that the current processing server extracts and feeds back the signature information in the data acquisition request.
6. The cloud deployment-based data transmission method according to any one of claims 1 to 4, wherein the receiving response data fed back by the target server based on the data acquisition request and forwarding the response data to the client includes:
when response information fed back by the target server based on the data acquisition request is received, determining IP information corresponding to the response information;
judging whether the IP information meets a preset condition or not according to a preset legal IP table;
and when the IP information meets a preset condition, extracting response data from the response information, and forwarding the response data to the client.
7. A data transmission device based on cloud deployment, the device comprising:
the receiving module is used for extracting signature information in a data acquisition request when the data acquisition request sent by a client is received;
the judging module is used for judging whether the signature information is repeated signature information according to local cache record information;
the request forwarding module is used for forwarding the data acquisition request to a target server when the signature information is not repeated signature information;
the data forwarding module is used for receiving response data fed back by the target server based on the data acquisition request and forwarding the response data to the client;
the judging module is further configured to acquire historical signature information according to local cache record information, where the historical signature information is signature information that is stored in a local cache record after an attacker hijacks the data acquisition request and uses the data acquisition request to perform a DOS attack; comparing the signature information with historical signature information to obtain a comparison result; and judging whether the signature information is repeated signature information according to the comparison result.
8. A data transmission device based on cloud deployment is characterized by comprising: a memory, a processor, and a cloud deployment-based data transfer program stored on the memory and executable on the processor, the cloud deployment-based data transfer program when executed by the processor implementing the steps of the cloud deployment-based data transfer method of any of claims 1 to 6.
9. A storage medium having stored thereon a data transfer program based on a cloud deployment, which when executed by a processor implements the steps of the data transfer method based on a cloud deployment according to any one of claims 1 to 6.
CN202011644229.0A 2020-12-31 2020-12-31 Data transmission method, device, equipment and storage medium based on cloud deployment Active CN112804222B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011644229.0A CN112804222B (en) 2020-12-31 2020-12-31 Data transmission method, device, equipment and storage medium based on cloud deployment

Publications (2)

Publication Number Publication Date
CN112804222A CN112804222A (en) 2021-05-14
CN112804222B true CN112804222B (en) 2022-11-15

Family

ID=75809403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011644229.0A Active CN112804222B (en) 2020-12-31 2020-12-31 Data transmission method, device, equipment and storage medium based on cloud deployment

Country Status (1)

Country Link
CN (1) CN112804222B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant