CN112929347A - Frequency limiting method, device, equipment and medium - Google Patents
Frequency limiting method, device, equipment and medium Download PDFInfo
- Publication number
- CN112929347A CN112929347A CN202110095326.7A CN202110095326A CN112929347A CN 112929347 A CN112929347 A CN 112929347A CN 202110095326 A CN202110095326 A CN 202110095326A CN 112929347 A CN112929347 A CN 112929347A
- Authority
- CN
- China
- Prior art keywords
- address
- source
- access
- stored
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 94
- 230000000670 limiting effect Effects 0.000 title claims abstract description 54
- 238000004590 computer program Methods 0.000 claims description 8
- 230000002085 persistent effect Effects 0.000 claims description 8
- 230000000694 effects Effects 0.000 abstract description 5
- 230000008569 process Effects 0.000 description 53
- 238000010586 diagram Methods 0.000 description 8
- 230000002159 abnormal effect Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000007789 sealing Methods 0.000 description 2
- 230000001680 brushing effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a frequency limiting method, a frequency limiting device, frequency limiting equipment and a frequency limiting medium, which are used for solving the problems of low frequency limiting timeliness and poor frequency limiting effect in the prior art. In the embodiment of the invention, after receiving the access information sent by the client, whether the pre-stored blacklist contains the source IP carried by the access information is judged, if not, whether the pre-stored grey list contains the source IP address is judged, and if so, the access of the client is limited to a certain extent. In the embodiment of the invention, the access information sent based on the IP addresses in the grey list is limited, and the time limit for storing the IP addresses in the grey list is longer than that for storing the IP addresses in the black list, so that the frequency limitation is effectively carried out on the access of the client, and the frequency limitation effectiveness and the frequency limitation effect are improved.
Description
Technical Field
The present invention relates to the field of network security technologies and data processing technologies, and in particular, to a method, an apparatus, a device, and a medium for limiting a frequency.
Background
With the progress of science and technology, live broadcasting is gradually popularized, users share life or achieve the purpose of profit through live broadcasting, however, in the live broadcasting, the situation of access amount of a false IP address is swept, the situation can cause the phenomena that other clients are blocked and normal experience is influenced when watching the live broadcasting, and the network is unsafe.
In order to solve the above technical problem, the method proposed in the prior art includes: distributed frequency limiting and local frequency limiting, wherein the distributed frequency limiting refers to a full frequency limiting function for providing statistics and frequency limiting, each business process reports the statistics information of the IP addresses which are denied access to the business process to the global frequency limiting at regular time, after the times of denied access of the source IP addresses reported by each business process are summarized and counted by the global frequency limiting, the times of denied access of some source IP addresses are found to exceed the limit, the source IP addresses are added into a blacklist, and the blacklist has a certain time limit and informs the business process to directly deny the access of the source IP addresses in the blacklist.
The distributed frequency limiting has a global view, the service process is distributed, the global frequency limiting collects and counts the number of times of the global refused access and uniformly limits the frequency, the influence on the performance of the service process is small, the flow statistic calculation is in charge of the global frequency limiting, and the service process only needs to be reported, so the distributed frequency limiting performance is very high. However, when a single point of failure occurs in the global frequency limit in the distributed frequency limit, the IP address in the blacklist will fail after a preset time limit, which results in that the frequency limit function will not work, and since the service process reports the statistical information of the IP addresses denied for access at regular time, when a certain IP address in the blacklist fails, if the client of the IP address accesses again for many times, the IP address is not added to the blacklist before the service process reports at regular time because the service process reports at regular time, however, multiple accesses have been implemented, so that the distributed frequency limit timeliness is not high, there is a certain delay, and a large number of illegal client accesses may be caused.
The local frequency limiting is that each business process independently calculates the IP address which is refused to access and directly adopts a frequency limiting algorithm to limit the frequency in the process. Because the report does not need to be reported regularly but is extreme in the service process directly, if the rejected times of a certain client exceed the frequency limit, the next access of the client is limited immediately, the availability is high, and the local frequency limit does not need to depend on a global central service for frequency limit, so that the decentralization is realized. However, the local frequency limit lacks a global view, each business process can only calculate the IP address which is denied access through itself, the denied IP addresses of other processes cannot be known, global statistics cannot be performed, theoretically, the more the business processes are, the worse the frequency limit effect is, and the business processes need to perform statistical calculation on the IP addresses which are denied access of themselves while performing frequency limit, so that the influence on the frequency limit performance is relatively poor.
Disclosure of Invention
The invention provides a frequency limiting method, a frequency limiting device, frequency limiting equipment and a frequency limiting medium, which are used for solving the problems of low frequency limiting timeliness and poor frequency limiting effect in the prior art.
In a first aspect, an embodiment of the present invention provides a frequency limiting method, where the method includes:
receiving access information sent by a client;
judging whether a pre-stored blacklist contains a source IP address carried by the access information;
if not, judging whether a pre-stored grey list contains the source IP address, if so, judging whether the access of the source IP address exceeds the limit, if so, rejecting the access of the client, wherein the storage time limit of the grey list IP address is longer than that of the blacklist IP address.
In a second aspect, an embodiment of the present invention provides a frequency limiting apparatus, where the apparatus includes:
the receiving module is used for receiving the access information sent by the client;
the judging module is used for judging whether a pre-stored blacklist contains a source IP address carried by the access information;
and the processing module is used for judging whether a pre-stored grey list contains the source IP address or not if the source IP address is not contained in the black list, judging whether the access of the source IP address exceeds the limit if the pre-stored grey list contains the source IP address, and rejecting the access of the client if the pre-stored grey list contains the source IP address, wherein the storage time limit of the grey list IP address is longer than that of the black list IP address.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes at least a processor and a memory, and the processor is configured to execute any of the steps of the frequency limiting method when executing a computer program stored in the memory.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores a computer program, and the computer program is executed by a processor to perform the steps of any of the frequency limiting methods described above.
In the embodiment of the invention, after receiving the access information sent by the client, whether the pre-stored blacklist contains the source IP carried by the access information is judged, if not, whether the pre-stored grey list contains the source IP address is judged, and if so, the access of the client is limited to a certain extent. In the embodiment of the invention, the access information sent based on the IP addresses in the grey list is limited, and the time limit for storing the IP addresses in the grey list is longer than that for storing the IP addresses in the black list, so that the frequency limitation is effectively carried out on the access of the client, and the frequency limitation effectiveness and the frequency limitation effect are improved.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a process diagram of a frequency limiting method according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a detailed implementation process of the frequency limiting method when determining a blacklist and a grey list according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating a detailed implementation of the frequency limiting method in an electronic device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a frequency limiting device according to an embodiment of the present invention;
fig. 5 is an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments that can be derived from the embodiments given herein by a person of ordinary skill in the art are intended to be within the scope of the present disclosure.
In order to effectively limit the frequency of access information sent by a client, embodiments of the present invention provide a frequency limiting method, apparatus, device, and medium.
Example 1:
fig. 1 is a schematic process diagram of a frequency limiting method according to an embodiment of the present invention, where the process includes the following steps:
s101: and receiving the access information sent by the client.
The frequency limiting method provided by the embodiment of the invention is applied to electronic equipment, and the electronic equipment can be intelligent equipment such as a PC (personal computer) or a server.
In order to perform frequency limitation, in the embodiment of the present invention, the determination is performed based on the access information sent by the client, and the electronic device receives the access information sent by the client. And in the embodiment of the invention, the electronic equipment receives the access information sent by the client through the access layer.
In addition, in the embodiment of the present invention, in order to improve frequency limiting efficiency and reduce the possibility of false sealing, after receiving access information sent by a client, the electronic device marks the received access information according to a preset manner, for example, an integer composed of an IP address, a target room number, and the like carried by the access information may be used to identify the access information, specifically, how the electronic device marks the access information may be flexibly set in combination with an application scenario, and the electronic device marks the received access information according to a set result. For example, when the client sends the access information to the live broadcast room, the access information is marked by a 64-bit integer composed of the IP address and the target room number.
S102: and judging whether a pre-stored blacklist contains a source IP address carried by the access information, if so, performing S104, and if not, performing S103.
In order to accurately process the received access information, in the embodiment of the present invention, a blacklist is pre-stored, where the blacklist includes an IP address, and after receiving the access information sent by the client, a source IP address carried by the access information is obtained, and whether the IP address in the blacklist includes the source IP address is determined.
S103: and judging whether a pre-stored grey list contains the source IP address, if so, judging whether the access of the source IP address exceeds the limit, and if so, rejecting the access of the client, wherein the storage time limit of the grey list IP address is longer than that of the blacklist IP address.
If the IP address in the blacklist does not include the source IP address, in order to further determine whether the access information needs to be frequency-limited, in an embodiment of the present invention, a gray list is further stored, where the gray list includes an IP address of a client whose access is limited, and the IP address included in the gray list and the IP address included in the blacklist may have the same IP address or may have different IP addresses, and a time limit for storing the IP address in the gray list is longer than a time limit for storing the IP address in the blacklist, where the time limit for storing the IP address in the gray list may be permanent, and specifically, the time limit for storing the IP address in the gray list is not limited here. And because the storage time limit of the IP address of the grey list is longer than that of the IP address of the black list, the grey list can be regarded as a history collection of the black list.
And if the IP address contained in the grey list comprises the source IP address carried by the access information, judging whether the access of the source IP address exceeds the limit, and if the access of the source IP address exceeds the limit, performing frequency limiting treatment, namely rejecting the access of the client. If the limit is not exceeded, the pass is performed, i.e. the subsequent operation is performed according to the access information. In addition, when it is determined whether the access of the source IP address exceeds the limit, it is determined whether the access of the source IP address exceeds the limit by a token bucket method. That is, whether the access information belongs to normal partial access or not is judged according to the source IP address carried by the access information sent by the client, and if not, the access of the client is rejected. That is, the token bucket method is used for limiting the frequency of the access information of the client, the access of the normal part is allowed to pass, and the access of the abnormal part is refused. In particular, the token bucket method is prior art and is not limited herein.
S104: and if the blacklist contains the source IP address, the access of the client is refused.
In order to accurately limit frequency, after receiving access information sent by a client, if a source IP address carried by the access information is contained in a blacklist, it is indicated that the risk of refreshing the access amount of the access information sent by the client is extremely high, and the client may be an abnormal client, and then the access of the client is denied.
In the embodiment of the invention, after receiving the access information sent by the client, whether the pre-stored blacklist contains the source IP carried by the access information is judged, if not, whether the pre-stored grey list contains the source IP address is judged, and if so, the access of the client is limited to a certain extent. In the embodiment of the invention, the access information sent based on the IP addresses in the grey list is limited, the IP addresses in the grey list are the IP addresses with access amount brushing risk, and the time limit for storing the IP addresses in the grey list is longer than that for storing the IP addresses in the black list, so that the frequency limitation is effectively carried out on the access of the client, and the frequency limitation effect are improved.
Example 2:
in order to accurately process the access information sent by the client, on the basis of the foregoing embodiment, in an embodiment of the present invention, the method further includes:
if the grey list does not contain the source IP address, acquiring a target room number, a target room password and an age carried in the access information, judging whether the access information is normal or not according to a pre-stored room number, a pre-stored room password and an age threshold value, if so, allowing the client to access, and if not, rejecting the access of the client.
When the grey list is detected not to contain the source IP address, the source IP address can be released, in order to accurately limit the frequency, the access information sent by the client side can be further verified, because the client side sends the access information to enter a live broadcasting room, in the embodiment of the invention, the access information sent by the client side carries a target room number to be accessed and a target room password, when the grey list is judged not to contain the source IP address, the target room number to be accessed and the target room password carried in the access information are obtained, a room number consistent with the target room number is obtained according to the pre-stored room number, a room password corresponding to the room number is obtained according to the corresponding relation between the pre-stored room number and the room password, and whether the room password is consistent with the target room password carried by the access information is judged, and if not, rejecting the access of the client.
In order to accurately limit the frequency, the access information sent by the client also carries the age of the registered person, when the grey list is judged not to contain the source IP address, the age of the registered person carried in the access information is obtained, the room number consistent with the target room number is obtained according to the pre-stored room number, the age threshold corresponding to the room number is obtained according to the corresponding relation between the pre-stored room number and the age threshold, whether the age carried in the access information is smaller than the obtained age threshold is judged, and if yes, the access of the client is rejected.
And if the room password is consistent with the target room password carried by the access information, and the age of the registered person carried by the access information is greater than the obtained age threshold, allowing the client to access.
Fig. 2 is a schematic diagram illustrating a detailed implementation process of the frequency limiting method when determining the blacklist and the grey list according to an embodiment of the present invention.
S201: and receiving the access information sent by the client.
S202: and judging whether the source IP address carried by the access information is located in a blacklist, if so, executing S206, and if not, executing S203.
S203: and judging whether the source IP address is located in a grey list, if so, executing S204, and if not, executing S205.
S204: and judging whether the access of the source IP address exceeds the limit through a token bucket method, if so, executing S206, and if not, executing S205.
S205: and forwarding to the downstream.
That is, the subsequent operations are executed, and how to execute the subsequent operations is described in the above embodiments, which is not described herein again.
S206: access to the client is denied.
Example 3:
in order to accurately implement frequency limitation, on the basis of the foregoing embodiments, in an embodiment of the present invention, an IP address in the blacklist is obtained in the following manner:
counting the times of refusing access of the target source IP address within a preset time length aiming at each target source IP address refused to access, adding the target source IP address into the blacklist when the times are larger than a preset time threshold value, and recording the time of adding the target source IP address into the blacklist.
In order to accurately realize frequency limitation, in the embodiment of the present invention, a blacklist is stored, where IP addresses stored in the blacklist are all IP addresses for which access quantity risks are detected, specifically, when access information is frequently sent to a certain IP address within a preset time length and access is denied for multiple times, it is indicated that the IP address has risks, if the IP address is denied for more than a preset threshold of times within the preset time length, the IP address is added to the blacklist, that is, the access frequency of the IP address in a fixed time period is counted, and if the access frequency of the IP address exceeds a limit, the IP address is added to the blacklist, where the access frequency refers to the number of times access is denied for a fixed time.
In the embodiment of the present invention, each target source IP address denied for access is determined, when it is detected that the target source IP address is denied for access, the number of times that the target source IP address is denied for access in a preset time period is obtained, a judgment is made according to the number of times and a preset number threshold, whether the number of times is greater than the preset number threshold is determined, if yes, it is determined that the target source IP address is frequently accessed, the target source IP address is added to a blacklist, and since the blacklist has a certain time limit, when the target source IP address is added to the blacklist, the time that the target source IP address is added to the blacklist is saved, and the preset time length may be 1 minute, or 2 minutes, or 3 minutes, specifically, and the preset time length may be flexibly set according to requirements.
In the embodiment of the invention, whether the time for adding the IP address into the blacklist exceeds the time limit of the blacklist or not is judged for each IP address in the blacklist, if so, the IP address is removed from the blacklist, and when the IP address is carried in the access information sent by the client, the access of the client is not directly refused based on the blacklist.
In order to accurately implement frequency limitation, on the basis of the foregoing embodiments, in an embodiment of the present invention, an IP address in the gray list is obtained in the following manner:
for each target source IP address which is refused to access, judging whether the target source IP address is stored in a grey list when the target source IP address is added to a black list; if not, adding the target source IP address into the grey list, and recording the time when the target source IP address is added into the grey list.
Because the clients accessing based on the IP address include normal clients and abnormal clients, for example, the NAT technology can allow many clients to share one IP address, and in order to avoid false sealing, in the embodiment of the present invention, the IP address in the blacklist has an expiration time, that is, the time length for storing the IP address in the blacklist is limited, and when the IP address in the blacklist expires, that is, the time length for adding the IP address to the blacklist is greater than the set time length threshold, the IP address is no longer stored in the blacklist.
However, since the IP address is added to the black list, there is a high risk possibility, and therefore, in order to reduce the risk, a gray list is stored in the embodiment of the present invention, where the gray list stores a set of IP addresses that have been triggered to have a frequency limit, and are not directly frequency-limited currently, and if an IP address has been frequency-limited, it is unexpected that the IP address has a high probability of being an illegal IP address, and the possibility of triggering a frequency limit in the future is also high, and therefore, a gray list is stored in the embodiment of the present invention. And one IP address triggering the frequency limit is to directly deny the access of the client sending the access information when receiving the access information carrying the IP address, that is, the IP addresses stored in the grey list are all the IP addresses detected to have the risk of access amount swiped, specifically, when the access information is frequently sent by a certain target source IP address within a preset time length and is rejected for multiple times, it indicates that the target source IP address has the risk, if it is determined that the target source IP address is rejected within the preset time length, the target source IP address is added to the black list, and because the target source IP address may be stored in the black list or may not be stored in the grey list, it is determined whether the target source IP address is stored in the grey list when adding to the black list, and if the target source IP address is not stored in the grey list, adding the target source IP address into the grey list, and recording the time when the target source IP address is added into the grey list.
In addition, in the embodiment of the invention, because the time limit for storing the IP address in the blacklist is shorter, the grey list can be regarded as the history set of the blacklist, and the IP address in the grey list basically cannot expire or the storage time limit is very long.
In order to accurately implement frequency limiting, on the basis of the foregoing embodiments, in an embodiment of the present invention, the method further includes:
and if the target source IP address is stored in the grey list, updating the recorded time when the target source IP address is added to the grey list.
If the time limit for storing the IP address in the grey list is non-permanent, that is, the IP address in the grey list has a certain storage time limit, so that it is convenient to determine whether the time for storing the IP address in the grey list exceeds the time limit based on the time for adding the IP address to the grey list.
In order to accurately implement frequency limiting, on the basis of the foregoing embodiments, in an embodiment of the present invention, the method further includes:
and after restarting, acquiring the blacklist stored in the persistent storage.
In the embodiment of the invention, when the route forwarding process in the electronic device is restarted due to a fault, the blacklist stored in the persistent storage can be acquired, so that the IP address in the blacklist is not lost due to restart.
Because the route forwarding process in the electronic equipment is possibly distributed, writing the route forwarding process into the persistent storage in the blacklist is beneficial to realizing sharing and persistence, and is beneficial to other route forwarding processes to share the blacklist, and the route forwarding process is possibly restarted and has a fault at any time, and the blacklist can be ensured not to be lost due to restarting when being stored in the persistent storage. And directly refusing the access of the client terminal carrying the IP address and sending the access information in a preset time period aiming at the IP address in the blacklist.
Fig. 3 is a schematic diagram of a detailed implementation of the frequency limiting method in an electronic device according to an embodiment of the present invention, and the description is given by taking fig. 3 as an example.
S301: and the electronic equipment receives the access information sent by the client through the access layer. And sends it to the route forwarding process of the electronic device.
And when the access information of the client accesses, the service process is accessed through the route forwarding process.
S302: the method comprises the steps that a route forwarding process in the electronic equipment judges whether a blacklist in a persistent storage in the electronic equipment contains a source IP address according to the source IP address carried by access information of a client, if so, the access of the client is refused, if not, a grey list stored in a memory of the route forwarding process in the electronic equipment is judged whether the blacklist contains the source IP address, if so, whether the access of the source IP address exceeds the limit is judged through a token bucket method, and if so, the access of the client is refused.
In the embodiment of the invention, the route forwarding process also uses the grey list for frequency limitation, so that even if global traffic statistics fails and is unavailable, the frequency limitation effect of new illegal IP addresses can be influenced, and the old IP addresses which are subjected to frequency limitation can still effectively realize the frequency limitation of illegal access because the old IP addresses are stored in the grey list stored in the memory of each route forwarding process, namely the grey list is maintained in each route forwarding process. And because the blacklist is stored in the persistent storage, even if the routing forwarding process sends an unexpected restart, the IP address in the blacklist is not lost, so that the frequency limiting effect is not influenced.
And because the frequency limitation can be directly carried out on the IP addresses in the grey list in the route forwarding process, the process of reporting at regular time is omitted, and most abnormal accesses can be limited, the embodiment of the invention has high real-time performance.
S303: and if not, releasing and sending the access information to a business process in a business layer in the electronic equipment.
S304: and the service process in the electronic equipment judges whether the access information is normal according to the target room number, the target room password and the age carried in the access information and according to the pre-stored room number, the room password and the age threshold value, if so, the access is allowed, if not, the access of the client is denied, and a source IP address carried by the access information sent by the client which is denied is reported to the routing forwarding process in the electronic equipment at regular time.
And each service process counts the request and response result of each source IP address, wherein the request and response result means that the client has abnormity in sending access information and is denied access.
S305: and the route forwarding process in the electronic equipment aggregates the source IP addresses which are reported by all the service processes in the electronic equipment and are denied to access, and the global flow statistics in the electronic equipment is obtained.
S306: the method comprises the steps that global flow statistics in the electronic equipment is returned to the access frequency of each source IP address in a fixed time period of a route forwarding process, namely the global flow statistics is used for counting the rejected times of each source IP address in a preset time period of the source IP address which is rejected, the statistical result is returned to the route forwarding process in the electronic equipment, the route forwarding process judges whether the access frequency of each source IP address exceeds a limit, namely whether the rejected times exceed a preset time threshold, if yes, the source IP address is added into a blacklist, the source IP address is written into the electronic equipment for permanent storage, and the route forwarding process adds the source IP address into the blacklist and simultaneously adds the source IP address into a grey list and stores the source IP address into the route forwarding process.
In the embodiment of the invention, the route forwarding process only needs the source IP address which is denied access and reported by each business process in the electronic equipment, the client side which denies the access information carrying the IP address in the blacklist is accessed, and the access information carrying the IP address in the grey list is subjected to frequency limiting by the token bucket method.
Example 4:
fig. 4 is a schematic structural diagram of a frequency limiting device according to an embodiment of the present invention, where the device includes:
a receiving module 401, configured to receive access information sent by a client;
a judging module 402, configured to judge whether a pre-stored blacklist includes a source IP address carried by the access information;
a processing module 403, configured to determine whether a pre-stored grey list includes the source IP address if the black list does not include the source IP address, determine whether access to the source IP address exceeds a limit if the pre-stored grey list includes the source IP address, and deny access to the client if the pre-stored grey list includes the source IP address, where a storage time limit of the grey list IP address is longer than a storage time limit of the black list IP address.
In a possible implementation manner, the processing module 403 is specifically configured to deny the access of the client if the blacklist includes the source IP address.
In a possible implementation manner, the processing module 403 is specifically configured to, if the source IP address is not included in the grey list, obtain a target room number, a target room password, and an age carried in the access information, determine whether the access information is normal according to a pre-stored room number, a pre-stored room password, and a pre-stored age threshold, allow the client to access if the access information is normal, and deny the client to access if the access information is not normal.
In a possible implementation manner, the processing module 403 is specifically configured to count, for each target source IP address to which access is denied, the number of times that the target source IP address is denied for access within a preset time length, add the target source IP address to the blacklist when the number of times is greater than a preset number threshold, and record the time that the target source IP address is added to the blacklist.
In a possible implementation manner, the processing module 403 is specifically configured to, for each target source IP address that is denied access, determine whether the target source IP address is stored in a grey list when the target source IP address is added to the black list; if not, adding the target source IP address into the grey list, and recording the time when the target source IP address is added into the grey list.
In a possible implementation manner, the processing module 403 is specifically configured to update the recorded time when the target source IP address is added to the grey list if the target source IP address is stored in the grey list.
In a possible embodiment, the apparatus further comprises: an obtaining module 404, configured to obtain, after the reboot, a blacklist stored in the persistent storage.
Example 5:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides an electronic device, as shown in fig. 5, including: the system comprises a processor 501, a communication interface 502, a memory 503 and a communication bus 504, wherein the processor 501, the communication interface 502 and the memory 503 are communicated with each other through the communication bus 504.
The memory 503 has stored therein a computer program which, when executed by the processor 501, causes the processor 501 to perform the steps of: firstly, receiving access information sent by a client, judging whether a pre-stored blacklist contains a source IP address carried by the received access information, if the blacklist does not contain the source IP address, judging whether a pre-stored grey list contains the source IP address, if the grey list contains the source IP address, judging whether the access of the source IP address exceeds a limit, and if the access exceeds the limit, rejecting the access of the client. And the storage time limit of the IP addresses in the grey list is longer than that of the IP addresses in the black list.
The electronic device provided by the embodiment of the invention can be used for executing the frequency limiting method provided by any embodiment, and has corresponding beneficial effects.
Example 6:
on the basis of the foregoing embodiments, the present invention further provides a computer-readable storage medium, in which a computer program executable by a processor is stored, and when the program runs on the processor, the processor is caused to execute the following steps: firstly, receiving access information sent by a client, judging whether a pre-stored blacklist contains a source IP address carried by the received access information, if the blacklist does not contain the source IP address, judging whether a pre-stored grey list contains the source IP address, if the grey list contains the source IP address, judging whether the access of the source IP address exceeds a limit, and if the access exceeds the limit, rejecting the access of the client. And the storage time limit of the IP addresses in the grey list is longer than that of the IP addresses in the black list.
The computer storage readable medium provided by the embodiment of the present invention stores therein a computer program executable by an electronic device, and when the program runs on the electronic device, the computer storage readable medium can be used for executing the advertisement delivery distribution method provided by any of the above embodiments, and has corresponding functions and advantages.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A method for limiting frequency, the method comprising:
receiving access information sent by a client;
judging whether a pre-stored blacklist contains a source IP address carried by the access information;
if not, judging whether a pre-stored grey list contains the source IP address, if so, judging whether the access of the source IP address exceeds the limit, if so, rejecting the access of the client, wherein the storage time limit of the grey list IP address is longer than that of the blacklist IP address.
2. The method of claim 1, further comprising:
and if the blacklist contains the source IP address, the access of the client is refused.
3. The method of claim 1, further comprising:
if the grey list does not contain the source IP address, acquiring a target room number, a target room password and an age carried in the access information, judging whether the access information is normal or not according to a pre-stored room number, a pre-stored room password and an age threshold value, if so, allowing the client to access, and if not, rejecting the access of the client.
4. The method according to any of claims 1-3, wherein the IP addresses in the blacklist are obtained by:
counting the times of refusing access of the target source IP address within a preset time length aiming at each target source IP address refused to access, adding the target source IP address into the blacklist when the times are larger than a preset time threshold value, and recording the time of adding the target source IP address into the blacklist.
5. The method of claim 4, wherein the IP addresses in the gray list are obtained by:
for each target source IP address which is refused to access, judging whether the target source IP address is stored in a grey list when the target source IP address is added to a black list; if not, adding the target source IP address into the grey list, and recording the time when the target source IP address is added into the grey list.
6. The method of claim 5, further comprising:
and if the target source IP address is stored in the grey list, updating the recorded time when the target source IP address is added to the grey list.
7. The method of claim 1, further comprising:
and after restarting, acquiring the blacklist stored in the persistent storage.
8. A frequency limiting apparatus, the apparatus comprising:
the receiving module is used for receiving the access information sent by the client;
the judging module is used for judging whether a pre-stored blacklist contains a source IP address carried by the access information;
and the processing module is used for judging whether a pre-stored grey list contains the source IP address or not if the source IP address is not contained in the black list, judging whether the access of the source IP address exceeds the limit if the pre-stored grey list contains the source IP address, and rejecting the access of the client if the pre-stored grey list contains the source IP address, wherein the storage time limit of the grey list IP address is longer than that of the black list IP address.
9. An electronic device, characterized in that the electronic device comprises at least a processor and a memory, the processor being adapted to perform the steps of the frequency limiting method of any of claims 1-7 when executing a computer program stored in the memory.
10. A computer-readable storage medium, characterized in that it stores a computer program which, when being executed by a processor, carries out the steps of the frequency limiting method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110095326.7A CN112929347B (en) | 2021-01-25 | 2021-01-25 | Frequency limiting method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110095326.7A CN112929347B (en) | 2021-01-25 | 2021-01-25 | Frequency limiting method, device, equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112929347A true CN112929347A (en) | 2021-06-08 |
| CN112929347B CN112929347B (en) | 2023-06-27 |
Family
ID=76166189
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110095326.7A Active CN112929347B (en) | 2021-01-25 | 2021-01-25 | Frequency limiting method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112929347B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113395277A (en) * | 2021-06-10 | 2021-09-14 | 工银科技有限公司 | Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105939361A (en) * | 2016-06-23 | 2016-09-14 | 杭州迪普科技有限公司 | Method and device for defensing CC (Challenge Collapsar) attack |
| US20170126686A1 (en) * | 2015-11-03 | 2017-05-04 | WikiEye EAD | System and Method for Managed Access to Electronic Content |
| US10237875B1 (en) * | 2015-09-25 | 2019-03-19 | Amazon Technologies, Inc. | Routing-aware network limiter |
| CN109831461A (en) * | 2019-03-29 | 2019-05-31 | 新华三信息安全技术有限公司 | A kind of distributed denial of service ddos attack defence method and device |
| CN109862025A (en) * | 2019-02-28 | 2019-06-07 | 北京安护环宇科技有限公司 | Access control method, apparatus and system based on black and white lists |
| CN110335031A (en) * | 2019-07-11 | 2019-10-15 | 中国银行股份有限公司 | A kind of problem account information investigation method and device |
| CN110572416A (en) * | 2019-10-15 | 2019-12-13 | 赛尔网络有限公司 | blacklist generation method and device, electronic equipment and medium |
| CN110611673A (en) * | 2019-09-18 | 2019-12-24 | 赛尔网络有限公司 | IP credit calculation method, device, electronic equipment and medium |
| CN111030936A (en) * | 2019-11-18 | 2020-04-17 | 腾讯云计算(北京)有限责任公司 | Current-limiting control method and device for network access and computer-readable storage medium |
-
2021
- 2021-01-25 CN CN202110095326.7A patent/CN112929347B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10237875B1 (en) * | 2015-09-25 | 2019-03-19 | Amazon Technologies, Inc. | Routing-aware network limiter |
| US20170126686A1 (en) * | 2015-11-03 | 2017-05-04 | WikiEye EAD | System and Method for Managed Access to Electronic Content |
| CN105939361A (en) * | 2016-06-23 | 2016-09-14 | 杭州迪普科技有限公司 | Method and device for defensing CC (Challenge Collapsar) attack |
| CN109862025A (en) * | 2019-02-28 | 2019-06-07 | 北京安护环宇科技有限公司 | Access control method, apparatus and system based on black and white lists |
| CN109831461A (en) * | 2019-03-29 | 2019-05-31 | 新华三信息安全技术有限公司 | A kind of distributed denial of service ddos attack defence method and device |
| CN110335031A (en) * | 2019-07-11 | 2019-10-15 | 中国银行股份有限公司 | A kind of problem account information investigation method and device |
| CN110611673A (en) * | 2019-09-18 | 2019-12-24 | 赛尔网络有限公司 | IP credit calculation method, device, electronic equipment and medium |
| CN110572416A (en) * | 2019-10-15 | 2019-12-13 | 赛尔网络有限公司 | blacklist generation method and device, electronic equipment and medium |
| CN111030936A (en) * | 2019-11-18 | 2020-04-17 | 腾讯云计算(北京)有限责任公司 | Current-limiting control method and device for network access and computer-readable storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113395277A (en) * | 2021-06-10 | 2021-09-14 | 工银科技有限公司 | Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112929347B (en) | 2023-06-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106713049B (en) | Monitoring alarm method and device | |
| CN107634959B (en) | Protection method, device and system based on automobile | |
| CN109889550B (en) | DDoS attack determination method and device | |
| CN109756528B (en) | Frequency control method and device, equipment, storage medium and server | |
| CN112887105B (en) | Conference security monitoring method and device, electronic equipment and storage medium | |
| CN108259426B (en) | DDoS attack detection method and device | |
| CN112333159B (en) | Mobile Internet of things terminal access control method, device and system based on block chain | |
| CN114268957B (en) | Abnormal business data processing method, device, server and storage medium | |
| CN112019533A (en) | Method and system for relieving DDoS attack on CDN system | |
| CN113992356A (en) | Method and device for detecting IP attack and electronic equipment | |
| US20070265976A1 (en) | License distribution in a packet data network | |
| CN112995046A (en) | Content distribution network traffic management method and equipment | |
| CN112929347A (en) | Frequency limiting method, device, equipment and medium | |
| CN108092777B (en) | Method and device for supervising digital certificate | |
| CN107819754B (en) | Anti-hijacking method, monitoring server, terminal and system | |
| CN115811428A (en) | Defense method, system, equipment and storage medium for resisting DDoS attack | |
| CN116260650A (en) | Interface interaction data safety protection method based on AI high-speed regular matching | |
| CN113795002B (en) | Method and device for intercepting junk short messages and computer readable storage medium | |
| US6823378B2 (en) | Method and apparatus in network management system for performance-based network protocol layer firewall | |
| CN112688970B (en) | Large-traffic DDoS attack detection method and system based on programmable chip | |
| CN114386047A (en) | Application vulnerability detection method and device, electronic equipment and storage medium | |
| CN110708165B (en) | Multi-CA automatic scheduling method based on request response | |
| CN113821410A (en) | Log processing method and device | |
| CN112312165A (en) | Video distribution method and device and computer readable storage medium | |
| CN114221807B (en) | Access request processing method, device, monitoring equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |